
Badly Infected - Kernel Level Rootkit!


  • This topic is locked
14 replies to this topic

#1 smm


Posted 10 May 2010 - 12:15 AM

Hello,

Thanks in advance for helping me. I have something that has badly infected one of our computers. Please help because it seems to be getting worse and now even the little pop-ups are misspelled and the GMER scans keep getting bigger and bigger, including many OS files.

I attached some log files for you. I couldn't get GMER to ever save! I did it in safe mode and was able to save, but never during a normal boot. I tried 5 times, changing the file name each time to no avail. I did kind of outsmart the "system" by saving the log before the scan was finished (at a point that was almost done...). That worked for what it is worth.

Anyway, this is the first part of the GMER test...



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-09 23:45:58
Windows 5.1.2600 Service Pack 3
Running: gem.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB6B56226]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB6B557CA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB6B55E8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB6B56A7A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB6B556A6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB6B587BA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB6B58B50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB6B551EA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB6B56412]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB6B56606]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB6B5501C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB6B5712C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB6B5736A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB6B583F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB6B55A66]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB6B56068]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB6B56A6A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB6B54D00]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB6B55D16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB6B54E98]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB6B57552]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB6B57916]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB6B5772E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB6B56F44]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB6B57E8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB6B5813E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB6B56842]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB6B585C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB6B56CCC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB6B55A00]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB6B55C02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB6B55544]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB6B553EA]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9884360, 0x20574D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[220] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchProtocolHost.exe[416] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[516] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchFilterHost.exe[604] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe[628] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\windows\system\hpsysdrv.exe[652] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[720] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[780] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[908] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[932] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[944] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/CO

#2 smm

Posted 10 May 2010 - 12:21 AM

PART 2 of GMER log file

.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1100] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1160] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1204] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 004EF2F0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1232] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1420] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1548] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1628] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\arservice.exe[1660] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehRecvr.exe[1728] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\eHome\ehSched.exe[1748] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!DeleteFileA

#3 smm

Posted 10 May 2010 - 12:24 AM

Part 3 of GMER log

.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Administrator\Desktop\gem\gem.exe[1860] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1908] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2012] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\dllhost.exe[2344] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[2584] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2716] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[2860] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3128] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 006E7F00 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#4 smm

  • Topic Starter

Posted 10 May 2010 - 12:26 AM

PART 4 of GMER log

.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[3340] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3504] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe[3516] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3540] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe[3576] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3672] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[3700] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[3708] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10025810 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 100257F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\explorer.exe[3720] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10025830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10025850 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3976] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#5 smm

Posted 10 May 2010 - 12:29 AM

PART 5 -

HIJACK THIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 8:47:53 PM, on 5/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by The Artist
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1268668014843
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73CC8671-4E33-443C-940B-63320C607014}: NameServer = 64.122.32.71
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\DF.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: RSNMTCF - Sysinternals - www.sysinternals.com - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\RSNMTCF.exe





HIJACK THIS - Start up list


StartupList report, 5/9/2010, 11:23:10 PM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup]
OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

COMODO Internet Security = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RTHDCPL = RTHDCPL.EXE
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
nwiz = nwiz.exe /install
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
hpqSRMon = C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
ftutil2 = rundll32.exe ftutil2.dll,SetWriteCacheMode
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HPBootOp = "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerPanel Personal Edition User Interaction = "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[KB910393] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= C:\WINDOWS\system32\guard32.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll - {0347C33E-8762-4905-BF09-768834316C61}
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

--------------------------------------------------

Enumerating Task Scheduler jobs:

GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job

--------------------------------------------------

Enumerating Download Program Files:

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/microsoftu...b?1268668014843

[Java Plug-in 1.6.0_20]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_20]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_20]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_20.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\rsvpsp.dll
Protocol #15: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
aracpi: system32\DRIVERS\aracpi.sys (manual start)
MS Ar HID Filter Driver: system32\DRIVERS\arhidfltr.sys (manual start)
Microsoft PS2 Keyboard Filter: system32\DRIVERS\arkbcfltr.sys (manual start)
Microsoft PS2 Mouse Filter: system32\DRIVERS\armoucfltr.sys (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ARPolicy: system32\DRIVERS\arpolicy.sys (manual start)
ARSVC: C:\WINDOWS\arservice.exe (autostart)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Promise driver accelerator: system32\DRIVERS\bb-run.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COMODO livePCsupport Service: "C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe" (autostart)
COMODO Internet Security Helper Service: "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" (autostart)
COMODO Internet Security Eradication Driver: System32\DRIVERS\cmderd.sys (system)
COMODO Internet Security Sandbox Driver: System32\DRIVERS\cmdguard.sys (system)
COMODO Internet Security Helper Driver: System32\DRIVERS\cmdhlp.sys (system)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DF: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\DF.exe (manual start)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
epmntdrv: \??\C:\WINDOWS\system32\epmntdrv.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
EuGdiDrv: \??\C:\WINDOWS\system32\EuGdiDrv.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (manual start)
FLEXnet Licensing Service: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
ftsata2: system32\DRIVERS\ftsata2.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Update Service (gupdate): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (autostart)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID UPS Battery Driver: system32\DRIVERS\HidBatt.sys (manual start)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
hpqcxs08: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (manual start)
HP CUE DeviceDiscovery Service: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (autostart)
HP Network Devices Support: %SystemRoot%\system32\svchost.exe -k HPService (autostart)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HSXHWBS2: system32\DRIVERS\HSXHWBS2.sys (manual start)
HSX_DP: system32\DRIVERS\HSX_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (autostart)
COMODO Internet Security Firewall Driver: System32\DRIVERS\inspect.sys (system)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (disabled)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
Net Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NUID filter driver: system32\DRIVERS\NuidFltr.sys (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENETFD.sys (manual start)
NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
PORTMON: \??\C:\Documents and Settings\HP_Administrator\Desktop\SysinternalsSuite\PORTMSYS.SYS (manual start)
PowerPanel Personal Edition Service: "C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe" (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: system32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
PSI: system32\DRIVERS\psi_mf.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
RSNMTCF: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\RSNMTCF.exe (manual start)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{8DA84759-6C62-4695-9DB6-4789D64FAF43} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Wdf01000: system32\DRIVERS\Wdf01000.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsx: system32\DRIVERS\HSX_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Search: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 38,161 bytes
Report generated in 0.265 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


#6 smm

Posted 10 May 2010 - 12:52 AM

LAST LOGS... DDS (I also have the ATTACH.TXT file but I don't know how to attach it to this file. I also have the ADS SPY INFO, but that is also very, very long and would take up a few more posts...)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Stevie Ray at 15:25:32.09 on Sun 05/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1428 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uWindow Title = Microsoft Internet Explorer provided by The Artist
uStart Page = hxxp://www.aol.com/
uSearch Bar = hxxp://google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [PowerPanel Personal Edition User Interaction] "c:\program files\cyberpower powerpanel personal edition\pppeuser.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoStartMenuEjectPC = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.com\download
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268668014843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {73CC8671-4E33-443C-940B-63320C607014} = 64.122.32.71
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\sn45lepv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-3-3 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-3-3 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-3-3 25240]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-3-3 1769216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-23 136176]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 DF;DF;c:\docume~1\hp_adm~1\locals~1\temp\DF.exe [2010-5-8 514944]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-3-10 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-3-10 8456]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PORTMON;PORTMON;\??\c:\documents and settings\hp_administrator\desktop\sysinternalssuite\portmsys.sys --> c:\documents and settings\hp_administrator\desktop\sysinternalssuite\PORTMSYS.SYS [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 RSNMTCF;RSNMTCF;c:\docume~1\hp_adm~1\locals~1\temp\RSNMTCF.exe [2010-5-8 351104]

=============== Created Last 30 ================

2010-05-09 20:20:23 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable
2010-05-09 01:38:02 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Safer Networking
2010-05-08 06:48:08 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-05-08 04:07:53 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Wireshark
2010-05-08 03:20:44 0 d-----w- c:\program files\WinPcap
2010-05-08 03:20:19 0 d-----w- c:\program files\Wireshark
2010-05-08 03:05:39 157 ----a-w- c:\windows\cavscan.INI
2010-05-07 17:09:39 12126387 ----a-w- c:\program files\SysinternalsSuite.zip
2010-05-07 17:08:53 0 d-----w- c:\program files\SysinternalsSuite
2010-05-06 15:09:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-05 20:30:25 0 d-----w- c:\program files\uTorrent
2010-05-05 20:29:25 0 d-----w- c:\docume~1\hp_adm~1\applic~1\uTorrent
2010-05-05 16:58:08 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Participatory Culture Foundation
2010-05-04 20:43:39 0 d-----w- c:\program files\common files\Macrovision Shared
2010-05-03 18:18:31 0 d-----w- c:\docume~1\hp_adm~1\applic~1\kompozer.net
2010-05-03 18:18:22 0 d-----w- c:\program files\KompoZer
2010-04-24 17:05:54 0 d--h--w- C:\VritualRoot
2010-04-22 20:02:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-22 19:27:01 0 d-----w- c:\docume~1\hp_adm~1\applic~1\OpenOffice.org
2010-04-22 17:30:11 0 d-----w- c:\program files\ThreatExpert Memory Scanner
2010-04-21 20:38:17 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-04-21 20:38:13 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-04-21 20:37:44 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-21 20:37:41 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-21 20:37:18 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-04-21 20:36:49 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2010-04-21 20:36:05 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-21 20:35:33 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-04-21 20:35:31 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-21 20:34:19 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-04-21 20:33:49 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2010-04-21 20:32:52 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-21 20:32:01 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2010-04-21 20:31:32 6912 ----a-w- c:\windows\system32\dllcache\smbclass.sys
2010-04-21 20:31:31 16000 ----a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-04-21 20:31:15 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-04-21 20:30:08 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-04-21 20:29:51 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-04-21 20:29:03 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2010-04-21 20:29:02 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2010-04-21 20:28:45 79104 ----a-w- c:\windows\system32\dllcache\rocket.sys
2010-04-21 20:28:02 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2010-04-21 20:27:51 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2010-04-21 20:27:39 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2010-04-21 20:27:36 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2010-04-21 20:27:09 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
2010-04-21 20:27:08 28032 ----a-w- c:\windows\system32\dllcache\perm3.sys
2010-04-21 20:27:07 211584 ----a-w- c:\windows\system32\dllcache\perm2dll.dll
2010-04-21 20:27:06 27904 ----a-w- c:\windows\system32\dllcache\perm2.sys
2010-04-21 20:25:30 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2010-04-21 20:25:00 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-21 20:24:58 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-21 20:24:15 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-21 20:24:14 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-04-21 20:24:03 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-04-21 20:23:52 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-04-21 20:23:34 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-04-21 20:23:16 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2010-04-21 20:22:44 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys
2010-04-21 20:22:23 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-21 20:22:18 91136 ----a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-04-21 20:22:18 43008 ----a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-04-21 20:22:17 61952 ----a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-04-21 20:22:12 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2010-04-21 20:22:12 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2010-04-21 20:21:58 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-04-21 20:21:52 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-04-21 20:21:38 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-21 20:21:35 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-21 20:21:34 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2010-04-21 20:21:33 16384 ----a-w- c:\windows\system32\dllcache\ipsink.ax
2010-04-21 20:20:32 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2010-04-21 20:20:27 8576 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-21 20:20:27 18560 ----a-w- c:\windows\system32\dllcache\i2omp.sys
2010-04-21 20:19:05 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2010-04-21 20:18:59 59136 ----a-w- c:\windows\system32\dllcache\gckernel.sys
2010-04-21 20:18:59 10624 ----a-w- c:\windows\system32\dllcache\gameenum.sys
2010-04-21 20:17:07 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax
2010-04-21 20:16:57 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2010-04-21 20:16:54 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
2010-04-21 20:15:54 249856 ----a-w- c:\windows\system32\dllcache\ctmasetp.dll
2010-04-21 20:15:37 13952 ----a-w- c:\windows\system32\dllcache\cmbatt.sys
2010-04-21 20:15:27 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-04-21 20:15:22 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-21 20:15:17 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll
2010-04-21 20:14:39 18432 ----a-w- c:\windows\system32\dllcache\bdaplgin.ax
2010-04-21 20:14:39 11776 ----a-w- c:\windows\system32\dllcache\bdasup.sys
2010-04-21 20:14:32 13696 ----a-w- c:\windows\system32\dllcache\avcstrm.sys
2010-04-21 20:14:31 38912 ----a-w- c:\windows\system32\dllcache\avc.sys
2010-04-21 20:13:53 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2010-04-21 20:13:52 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2010-04-21 19:22:59 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Windows Search
2010-04-21 18:18:06 2855 ----a-w- c:\windows\system32\command.PIF
2010-04-21 18:18:06 0 d--h--w- c:\windows\PIF
2010-04-20 18:56:19 0 d-----w- c:\program files\Safer Networking
2010-04-20 18:50:12 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-20 18:50:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-16 03:19:27 0 d-----w- C:\spoolerlogs
2010-04-14 05:28:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-14 03:16:37 0 d-----w- c:\program files\Jasc Software Inc
2010-04-11 18:38:28 0 d-----w- c:\program files\common files\SWF Studio
2010-04-11 16:14:34 0 d-----w- c:\program files\common files\Windows Live
2010-04-11 16:14:27 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Windows Desktop Search
2010-04-11 16:13:44 0 d-----w- c:\program files\Windows Desktop Search

==================== Find3M ====================

2010-05-09 20:24:00 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-04-21 20:22:51 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-21 20:22:47 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-21 20:22:46 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-04-21 20:22:45 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-06 16:56:03 1519616 ----a-w- c:\windows\system32\nwiz.exe
2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-18 02:20:41 154818 ----a-w- c:\windows\hpoins35.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 04:50:23 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\dllcache\tcpip6.sys

============= FINISH: 15:26:21.67 ===============


Some background... This is for an HP computer. We recently reformatted it to convert it from a work computer to a home computer. I have Comodo firewall. We are starting to build a website for our business, so I have been visiting sites for hosting and domain name websites. Although I thought I was safe with WOT, Firefox and NoScript. At the same time as all of this, I bought software for building the website on eBay from a private seller. I got the software last week and wasn't able to install it, but not for the lack of trying. There were issues with installing the second disk... I tried to uninstall and that didn't work. Frustrated, I tried to download a torrent for the software I bought, or at least I thought so... I have never done this before and tried to follow all of the rules to be safe, but... I think the problem started sooner than the torrent though. Maybe the person I bought the actual software and disks from gave me my problem... I paid a fairly good price and am pissed as hell already for it not working in the first place.... Wouldn't that be the kicker. Sell me at least one coaster and possibly a rootkit, trojan or two.

Thanks,
Smm


Thank you for helping!

Edited by Orange Blossom, 13 May 2010 - 09:45 PM.
Move to log forum from AII. ~ OB


#7 smm

  • Topic Starter

Posted 10 May 2010 - 01:00 AM

I am sorry, I think I posted to the wrong area. Can someone please move me if I did?

Thanks,
SMM

#8 myrti

  • Malware Study Hall Admin

Posted 15 May 2010 - 10:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 smm

  • Topic Starter

Posted 18 May 2010 - 02:49 PM

Hi,

Thank you for your response. I am sorry, I didn't see your reply until today. I ended up reformatting the computer a few days ago thinking that would take care of the problem. Unfortunately, I don't think it has.

Specifics about the computer:
HP-Pav a1648x
AMD athlon 64x2 (w) 4200+ 2.2ghz dual core processor
Bios Phoenix Award Bios CMOS 3.10 12/13/06 - core version 6.0
XP MCE 2005


Here is what I have done:

1. Erased HD by system recovery and back-up CDs (did this four separate times...)
2. After first time, I followed up with xp sp3 that I put on a disk. The computer wouldn't boot up, so I started over...
3. Tried to load Ubuntu and set up partitions (didn't work), so I started over again
4. I noticed a few things that seemed "odd" on the new "factory" reformat, but I'm not a computer guru. They are as follows:
a. I have many drivers and apps, particularly HP that are unsigned...some, however, are MS (ex: c:\cmdcons\system32\smss.exe).
b. Some apps are trying to run with elevated privileges or higher priority (ex: kbd.exe). When I looked in the kbd folder in my computer, there are hundreds of .htm files listed... (not sure what those are)
c. I have noticed files coming across the screen during scans that are not visible when I go looking for them. (ex: windows\xbox\...). I don't even own an xbox and never have.
d. There is already a DHCP server address associated with the HP en1207-D-TX PCI 10/100 Fast Ethernet card. This card MAC address is the same as the Nvidia Adapter NIC MAC address (maybe this is normal?). Both are different from the system information from HP.com on the a1648x, which is Integrated 10/100 base T networking Interface. (maybe okay?)
e. I tried to uninstall all of the garbage that comes prepackaged with the HP computers: HP games comes packaged with wildtangent and PConline... In the past, these have been flagged as malware. The problem is that they don't completely uninstall as I have been finding them in individual user profiles, common files, and more. Even the Update HP.exe was flagged as malware prior to reformatting. It remains unsigned now.
f. I do not have a primary driver listed. I have the second driver as Cd-rom and the third as the hard-drive.
g. I wanted to reflash the bios, but HP wouldn't provide me with a flash utility. They said I need to go to an HP service center. There is an upgrade to the bios online, but wasn't sure if that would reflash everything, plus it starts in windows, not dos. I noticed the time was off on the bios, so I checked the battery. It was dead. I replaced the battery and disconnected the hard-drive to see how it affected the bios. It only affected the time, date and didn't include the HD. My bios screen is different than the ones I see online of the same type and version. I don't have the option for security or advanced options.
h. Lastly and the most interesting of all, is I clicked on system info inside of the PC Doc v5 Windows PE diagnostics screen (after hitting f10 on start-up), and under sys.info it lists the following:
1. Hard drive: ST3300822AS; controller: secondary controller - master drive; driver: c:\minint\disk.sys
2. Drive partition: HP_Recovery; drive letter: C; usable HD capacity: 8.83G; file system: Fat32
3. Drive partition: HP_Pav; drive letter: D; usable HD capacity: 270.61G; used 9.71 G; file system: NTFS
4. Drive partition: MS-RamDrive; drive letter: R; usable HD capacity: 1.98MB; file system: FAT
5. CD ROM: HL-DT-ST DVDRRW GSA-H20L; controller: master; drive letter: E

Now when I view my system inside of windows, the C and D drives are opposite of what's listed and the R drive doesn't show up at all.

I have not hooked up this computer to the web since reformatting, because I feel something is possibly still lurking inside somewhere.

Thanks,
Smm

PS-I will rerun some of the original reports you are looking for plus the OTL.exe. Although it may be later tonight.

Edited by smm, 18 May 2010 - 02:53 PM.


#10 myrti

  • Malware Study Hall Admin

Posted 18 May 2010 - 05:39 PM

Hi,

What you describe sounds more like a hardware issue than a malware issue. Currently there are no infections that will survive a hard drive reformat, if you also redo partitions.
In addition, a kernel-level rootkit would require a kernel to work; this is part of the operating system. Since you removed the operating system, e.g. when using Ubuntu, I don't see how the infection could have remained active.

cmdcons is the folder for the Windows Recovery Console. It is legit.

regards myrti



#11 smm

  • Topic Starter

Posted 18 May 2010 - 08:36 PM

Myrti,

I'm not sure what to think. The computer is old but then again, not that old. I re-ran some of the reports that are requested initially as well as the OTL one. Let me know how it looks.

Just a few notes: The greatmerlin.exe is the gmer.exe program and the manybrands.exe is mbr.exe program. You may see a sundae and tatortot files. Those are also renamed. The system time is incorrect. It is not quite 12 hours different. I set it last night, but must have been off on the AM-PM although that doesn't explain the additional 20 minutes... I put a new battery in.

I am seeing reference to windows 2000 and MS 2003 server...I don't have either of those. I haven't added any software to the computer since the reformat except for sysinternals suite and the few diagnostics ones.

Also, the Ubuntu OS never did load. I got it to only boot from the CD. I don't know if that makes a difference or not.

Once I ran the following reports, the system completely froze. I had to reboot and am having trouble moving around.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-18 04:17:05
Windows 5.1.2600 Service Pack 2
Running: greatmerlin.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\fxliyaob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xBA1FD360, 0x20574D, 0xE8000020]
? C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 3:22:50.84 on Tue 05/18/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1673 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2010-05-18 04:34:24 14088 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2010-05-16 19:06:28 334720 ----a-w- C:\tatortots.scr.exe
2010-05-14 23:56:24 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HPQ
2010-05-14 23:29:11 0 d-----w- c:\windows\system32\appmgmt
2010-05-14 23:03:13 0 d-sh--r- C:\cmdcons
2010-05-14 23:03:10 0 d-----w- c:\windows\setup.pss
2010-05-14 23:02:15 1895 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_RK551AA-ABA a1648x_YC_0Pavi_QMXF650_E64NAemMPA7_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.10_T061213_WXP2_L409_M1983_J300_7AMD_8Athlon 64 X2 Dual Core_92.2_#100514_N_Z14F12F20_G10DE0241.MRK
2010-05-14 23:00:21 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Intuit
2010-05-14 22:56:37 180 ----a-w- c:\windows\system\hpsysdrv.DAT
2010-05-14 21:42:36 0 d-----r- c:\documents and settings\all users\Documents
2010-05-14 21:40:56 0 d-----r- c:\windows\Offline Web Pages
2010-05-14 21:38:25 0 d-sh--r- c:\windows\system32\dllcache

==================== Find3M ====================

2010-02-16 19:31:08 32 --sha-w- c:\windows\sminst\HPCD.SYS

============= FINISH: 3:23:02.68 ===============




Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


NOTE ON OTL. I WASN'T ABLE TO READ THE SECTION THAT YOU WANTED ME TO COPY AND PASTE. IT WAS COMPUTER CODE. So I ran the file without the extra scan stuff.

OTL logfile created on: 5/18/2010 7:31:25 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.61 Gb Total Space | 260.90 Gb Free Space | 96.41% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.95 Gb Free Space | 10.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINOFFICE
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (All) ==========

PRC - [2010/05/18 13:24:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
PRC - [2010/05/18 10:12:34 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\greatmerlin\greatmerlin.exe
PRC - [2006/08/18 02:06:12 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/06/13 22:05:26 | 016,239,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/05/09 17:50:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/15 22:14:40 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005/09/30 00:01:14 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 23:56:32 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 23:56:28 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005/08/05 23:27:08 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005/08/03 02:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/02/17 09:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/10/13 18:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/08/09 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/09 23:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2004/08/09 23:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2004/08/09 23:00:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2004/08/09 23:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2004/08/09 23:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2004/08/09 23:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2004/08/09 23:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004/08/09 23:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/09 23:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2004/08/09 23:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2004/08/09 23:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe
PRC - [1998/05/07 11:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe


========== Modules (All) ==========

MOD - [2010/05/18 10:12:34 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2006/03/17 06:03:54 | 008,452,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2006/03/04 05:58:50 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2005/12/29 04:54:35 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2005/07/26 06:39:48 | 001,285,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2005/07/26 06:39:43 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2004/08/10 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/10 06:00:00 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2004/08/09 23:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2004/08/09 23:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2004/08/09 23:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2004/08/09 23:00:00 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2004/08/09 23:00:00 | 000,616,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2004/08/09 23:00:00 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2004/08/09 23:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2004/08/09 23:00:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2004/08/09 23:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2004/08/09 23:00:00 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2004/08/09 23:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2004/08/09 23:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2004/08/09 23:00:00 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2004/08/09 23:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2004/08/09 23:00:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2004/08/09 23:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/09 23:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2004/08/09 23:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2004/08/09 23:00:00 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2004/08/09 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2004/08/09 23:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2004/08/09 23:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


========== Win32 Services (All) ==========

SRV - [2006/08/18 02:06:12 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/09 17:50:00 | 000,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/12/15 22:14:40 | 000,237,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2005/08/05 23:56:32 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 23:27:08 | 000,099,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/08/04 04:29:52 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2005/08/04 04:29:52 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\MsPMSNSv.dll -- (WmdmPmSN)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/07/26 06:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2005/07/26 06:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2005/07/26 06:39:45 | 000,243,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2005/06/22 00:00:18 | 000,474,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2005/05/03 22:58:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2005/03/10 09:49:51 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2004/10/22 13:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/10 05:11:50 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mhn.dll -- (MHN)
SRV - [2004/08/09 23:00:00 | 000,616,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2004/08/09 23:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/09 23:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2004/08/09 23:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2004/08/09 23:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2004/08/09 23:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/09 23:00:00 | 000,267,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\fxssvc.exe -- (Fax)
SRV - [2004/08/09 23:00:00 | 000,246,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2004/08/09 23:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2004/08/09 23:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/09 23:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2004/08/09 23:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/09 23:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2004/08/09 23:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2004/08/09 23:00:00 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2004/08/09 23:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2004/08/09 23:00:00 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2004/08/09 23:00:00 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/09 23:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/09 23:00:00 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2004/08/09 23:00:00 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2004/08/09 23:00:00 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2004/08/09 23:00:00 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2004/08/09 23:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2004/08/09 23:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2004/08/09 23:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/09 23:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2004/08/09 23:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/09 23:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/09 23:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2004/08/09 23:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2004/08/09 23:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2004/08/09 23:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2004/08/09 23:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/09 23:00:00 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/09 23:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/09 23:00:00 | 000,089,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/09 23:00:00 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/09 23:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/09 23:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2004/08/09 23:00:00 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2004/08/09 23:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/09 23:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2004/08/09 23:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/09 23:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2004/08/09 23:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2004/08/09 23:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2004/08/09 23:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2004/08/09 23:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/09 23:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/09 23:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2004/08/09 23:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/08/09 23:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/09 23:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/09 23:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2004/08/09 23:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/09 23:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/09 23:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/09 23:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2004/08/09 23:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2004/08/09 23:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\svchost.exe -- (HidServ)
SRV - [2004/08/09 23:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/09 23:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/09 23:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/09 23:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/09 23:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/09 23:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2004/08/09 23:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2004/08/09 23:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2004/08/09 23:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/09 23:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2004/07/15 11:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (intelppm)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2006/06/14 13:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/09 17:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/09 13:00:00 | 000,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/10/05 17:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/03 02:19:16 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arkbcfltr.sys -- (arkbcfltr)
DRV - [2005/08/03 02:19:16 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\armoucfltr.sys -- (armoucfltr)
DRV - [2005/08/03 02:19:14 | 000,022,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aracpi.sys -- (aracpi)
DRV - [2005/08/03 02:19:14 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arhidfltr.sys -- (arhidfltr)
DRV - [2005/08/03 02:19:14 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\arpolicy.sys -- (ARPolicy)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/21 03:52:55 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2005/05/10 02:17:51 | 000,332,544 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2005/03/31 03:13:52 | 000,027,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2005/03/14 02:55:08 | 000,359,808 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 06:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2005/01/08 03:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/28 03:13:58 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/10/09 01:48:21 | 000,262,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2004/08/10 06:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/10 06:00:00 | 000,092,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2004/08/10 06:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/10 06:00:00 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2004/08/10 06:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2004/08/10 06:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/10 06:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/10 06:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/10 06:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/10 06:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/10 06:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/10 04:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/09 23:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/09 23:00:00 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/09 23:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2004/08/09 23:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/09 23:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/09 23:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/09 23:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/09 23:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/09 23:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/09 23:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/09 23:00:00 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/09 23:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/09 23:00:00 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fltMgr.sys -- (FltMgr)
DRV - [2004/08/09 23:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/09 23:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/09 23:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/09 23:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/09 23:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2004/08/09 23:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/09 23:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2004/08/09 23:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/09 23:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/09 23:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/09 23:00:00 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ohci1394.sys -- (ohci1394)
DRV - [2004/08/09 23:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/09 23:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/09 23:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/09 23:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/09 23:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/09 23:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/09 23:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/09 23:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/09 23:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/09 23:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/09 23:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2004/08/09 23:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2004/08/09 23:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/09 23:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/09 23:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/09 23:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/09 23:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/09 23:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/09 23:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/09 23:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/09 23:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/09 23:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/09 23:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2004/08/09 23:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/09 23:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/09 23:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/09 23:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/09 23:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/09 23:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/09 23:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/09 23:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/09 23:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/09 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/09 23:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/09 23:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/09 23:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/09 23:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/09 23:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/09 23:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/09 23:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/09 23:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/09 23:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/09 23:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/09 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/09 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/09 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/09 23:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/04 09:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 09:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/04 09:08:38 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2004/08/04 09:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 09:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/04 09:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/04 09:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004/08/04 08:59:44 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2004/08/04 08:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2004/08/04 08:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/04 08:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/04 08:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/04 08:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/04 02:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 00:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 16:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2001/08/18 00:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 23:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pciide.sys -- (PCIIde)
DRV - [2001/08/17 07:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-343007561-2585015859-3900477102-1007..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343007561-2585015859-3900477102-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/11 23:10:23 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\Autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{95d494ed-5fab-11df-850e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{95d494ed-5fab-11df-850e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{95d494ed-5fab-11df-850e-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2006/03/17 06:03:54 | 008,452,096 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/18 03:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\greatmerlin
[2010/05/18 03:22:06 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/05/17 23:34:24 | 000,014,088 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP141.SYS
[2010/05/16 15:05:13 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\sundae.scr.exe
[2010/05/16 14:06:28 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\tatortots.scr.exe
[2010/05/15 12:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
[2010/05/15 12:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
[2010/05/15 12:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2010/05/14 19:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Help
[2010/05/14 19:04:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/14 18:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
[2010/05/14 18:29:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/14 18:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/14 18:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sun
[2010/05/14 18:03:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2010/05/14 18:03:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/14 18:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010/05/14 18:00:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2010/05/14 18:00:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2010/05/14 18:00:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2010/05/14 18:00:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2010/05/14 18:00:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2010/05/14 18:00:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2010/05/14 18:00:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2010/05/14 18:00:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2010/05/14 18:00:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2010/05/14 18:00:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2010/05/14 18:00:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2010/05/14 18:00:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2010/05/14 18:00:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2010/05/14 18:00:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2010/05/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2010/05/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2010/05/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2010/05/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2010/05/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2010/05/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2010/05/14 18:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/05/14 18:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WINDOWS
[2010/05/14 17:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/14 17:55:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/14 16:43:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/05/14 16:43:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/05/14 16:42:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/05/14 16:42:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/05/14 16:42:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/14 16:41:01 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/05/14 16:40:56 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/14 16:38:25 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/30 11:43:02 | 000,261,496 | ---- | C] (Sysinternals) -- C:\Documents and Settings\HP_Administrator\Desktop\logonsessions.exe
[2010/04/27 11:04:06 | 000,383,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\livekd.exe
[2010/04/27 11:04:06 | 000,381,816 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsExec.exe
[2010/04/27 11:04:06 | 000,333,176 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsGetsid.exe
[2010/04/27 11:04:06 | 000,322,936 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\accesschk.exe
[2010/04/27 11:04:06 | 000,178,040 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\psloglist.exe
[2010/04/27 11:04:04 | 000,390,520 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsInfo.exe
[2010/04/27 11:04:04 | 000,231,288 | ---- | C] (Sysinternals) -- C:\Documents and Settings\HP_Administrator\Desktop\PsList.exe
[2010/04/27 11:04:04 | 000,183,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsLoggedon.exe
[2010/04/27 11:04:04 | 000,169,848 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsService.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/18 14:57:47 | 003,690,693 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/05/18 13:26:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\greatmerlin.zip
[2010/05/18 13:25:32 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/05/18 13:24:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/05/18 13:15:42 | 000,077,312 | ---- | M] () -- C:\manybrands.exe
[2010/05/18 13:15:42 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\manybrands.exe
[2010/05/18 10:12:34 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/05/18 03:31:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/05/18 03:21:34 | 000,000,180 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/18 03:21:00 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/18 03:20:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 03:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 03:20:50 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/18 00:59:53 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/05/18 00:59:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/05/17 23:34:24 | 000,014,088 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP141.SYS
[2010/05/17 23:21:18 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010/05/16 15:05:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\settings.dat
[2010/05/16 12:02:39 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\sundae.scr.exe
[2010/05/16 00:12:28 | 005,829,882 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/05/14 19:50:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 19:23:29 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CustomPhoto.lnk
[2010/05/14 18:12:08 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/14 18:12:08 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/14 18:12:08 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/14 18:02:17 | 000,001,895 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RK551AA-ABA a1648x_YC_0Pavi_QMXF650_E64NAemMPA7_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.10_T061213_WXP2_L409_M1983_J300_7AMD_8Athlon 64 X2 Dual Core_92.2_#100514_N_Z14F12F20_G10DE0241.MRK
[2010/05/14 18:00:08 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/14 17:59:36 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/14 17:59:33 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/05/14 17:58:58 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/05/14 17:56:05 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/30 11:43:02 | 000,261,496 | ---- | M] (Sysinternals) -- C:\Documents and Settings\HP_Administrator\Desktop\logonsessions.exe
[2010/04/27 11:04:06 | 000,383,352 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\livekd.exe
[2010/04/27 11:04:06 | 000,381,816 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsExec.exe
[2010/04/27 11:04:06 | 000,333,176 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsGetsid.exe
[2010/04/27 11:04:06 | 000,322,936 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\accesschk.exe
[2010/04/27 11:04:06 | 000,178,040 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\psloglist.exe
[2010/04/27 11:04:04 | 000,390,520 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsInfo.exe
[2010/04/27 11:04:04 | 000,231,288 | ---- | M] (Sysinternals) -- C:\Documents and Settings\HP_Administrator\Desktop\PsList.exe
[2010/04/27 11:04:04 | 000,183,160 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsLoggedon.exe
[2010/04/27 11:04:04 | 000,169,848 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\Desktop\PsService.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 03:33:44 | 000,077,312 | ---- | C] () -- C:\manybrands.exe
[2010/05/18 03:31:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/05/18 03:22:06 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/05/18 03:22:06 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\greatmerlin.zip
[2010/05/18 03:22:06 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\manybrands.exe
[2010/05/18 03:22:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/05/18 03:22:04 | 003,690,693 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/05/18 03:20:50 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/16 15:05:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\settings.dat
[2010/05/14 19:23:29 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CustomPhoto.lnk
[2010/05/14 18:16:55 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\LuResult.txt
[2010/05/14 18:03:26 | 000,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2010/05/14 18:03:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/05/14 18:02:15 | 000,001,895 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RK551AA-ABA a1648x_YC_0Pavi_QMXF650_E64NAemMPA7_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.10_T061213_WXP2_L409_M1983_J300_7AMD_8Athlon 64 X2 Dual Core_92.2_#100514_N_Z14F12F20_G10DE0241.MRK
[2010/05/14 18:00:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2010/05/14 18:00:20 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/05/14 18:00:20 | 000,045,056 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
[2010/05/14 18:00:20 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/05/14 17:59:33 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/05/14 17:59:33 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/05/14 17:59:31 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 3 Months Included.lnk
[2010/05/14 17:59:31 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.lnk
[2010/05/14 17:59:31 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2010/05/14 17:59:31 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get Vonage.lnk
[2010/05/14 17:59:31 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3 Month Trial AOL Music Now.lnk
[2010/05/14 17:59:31 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Snapfish for your photos.lnk
[2010/05/14 17:59:31 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken New User Edition 2006.lnk
[2010/05/14 17:59:31 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Extended Service Plans.lnk
[2010/05/14 17:56:37 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2006/11/11 23:39:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/11 23:19:46 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/11/11 23:13:51 | 000,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/11/11 23:13:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/11/11 23:10:40 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/11/11 22:58:55 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/11 22:58:16 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/11/11 22:52:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/11/11 22:49:38 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/11/11 22:49:38 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/11/11 22:49:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/11 22:49:37 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/11/11 22:49:37 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/11/11 22:49:37 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/11 22:49:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/11 22:48:12 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/11/11 22:26:35 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/11/11 22:26:35 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/11/11 22:26:18 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 13:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 23:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/09 23:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/07/26 09:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
< End of report >


OTL Extras logfile created on: 5/18/2010 7:31:25 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.61 Gb Total Space | 260.90 Gb Free Space | 96.41% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.95 Gb Free Space | 10.77% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINOFFICE
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:192.168.1.0/255.255.255.0:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:192.168.1.0/255.255.255.0:Disabled:Updates from HP -- (Hewlett-Packard)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2AEABBDC-89E6-4AE2-BF99-DA6D188D6F7C}" = LightScribe 1.4.113.1
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"AwayMode160" = Microsoft Away Mode
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Windows Media Format Runtime" = Windows Media Format Runtime

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 5/18/2010 2:03:33 AM | Computer Name = MAINOFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/18/2010 2:04:30 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 5/18/2010 2:04:30 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/18/2010 2:04:30 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 5/18/2010 2:04:30 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/18/2010 2:04:30 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 5/18/2010 2:07:17 AM | Computer Name = MAINOFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/18/2010 7:25:58 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the PolicyAgent service.

Error - 5/18/2010 8:00:38 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the PolicyAgent service.

Error - 5/18/2010 8:01:08 AM | Computer Name = MAINOFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the PolicyAgent service.


< End of report >


The Attach.zip is attached.

Thanks,
Smm


#12 myrti

  • Malware Study Hall Admin

Posted 19 May 2010 - 08:53 AM

Hi,

the logs are clean. Since you reformatted and the MBR is clean, I highly doubt that you are currently infected.

The mention of Windows 2000 and MS 2003 Server is due to the fact that some of the drivers used in XP are the same as for 2003 Server or Windows 2000, and hence the same files are being used. So you can see files that are for Windows 2000 in name being run on Windows XP too.
kbd is a keyboard utility, as far as I know. It is quite possible that it requests high priority so that you can get your input through to the OS. It would not be allowed to read input directly from your keyboard if it ran with limited rights.
I believe that Wildtangent has been declassified as malware. However, it is not uncommon to see that uninstallers do a "bad" job. You will quite often see leftovers after running an uninstall, independent of what program it is.

MS would like to see all files signed; however, many files today still aren't signed.
As far as I know, MS only forces drivers on 64-bit Vista and higher systems to be signed, so it is perfectly normal to find unsigned files on Windows XP.

I would also advise not to flash the BIOS unless absolutely needed. It doesn't seem to be needed here right now.
Regarding your drives, I don't think that's an issue either. A RAM drive is additional space on your hard disk which is used like RAM; it is nothing you will have access to once your PC is booted in Windows, because your OS will manage the RAM drive.
Drive letters are not fixed. You can have them reassigned with programs when you want.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#13 smm

  • Topic Starter


Posted 19 May 2010 - 11:11 AM

Thank you. I appreciate you looking everything over. It certainly gives me peace of mind.

Smm

#14 myrti

  • Malware Study Hall Admin

Posted 19 May 2010 - 12:52 PM

Hi,

you're welcome. To finish cleaning up your PC, please update your Adobe Reader. The version you have currently installed is very outdated and should be replaced by version 9.3.2. Let me know if you run into any problems doing this.

regards myrti



#15 myrti

  • Malware Study Hall Admin

Posted 26 May 2010 - 10:47 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
