
Me & my blue screen of death


  • This topic is locked
18 replies to this topic

#1 bobpsmith


Posted 10 May 2010 - 06:37 PM

Last night my computer started to run VERY slowly and would give me a box titled Microsoft Windows saying "the program has become unstable" and would give me the option to "end" or "wait." I restarted, but the computer continued to behave badly, crashing over the smallest of tasks such as opening a file or folder. After getting the aforementioned box a few times I found that if I clicked end (the screen would change to a full-screen view of the desktop wallpaper and then slowly add back the icons and the rest of what was opened) things would speed up for a bit before returning to its former bad mood. I tried to run Malwarebytes, but it stopped at 3 minutes and 32 seconds twice, so I ran it in safe mode and it worked, but it found nothing (quick scan all three times). If I let the computer sit for about an hour or so the internet (Firefox), opening txt docs and folders etc., etc., starts to run a bit more smoothly.

After reading your prep guide I ran the programs listed, only GMER didn't fail at all, but all of them did finish on the 2nd or 3rd try. Before I could post I got the Blue happy screen of wonderful marshmallow goodness, I let it do its thing and here are the details it spit out when the computer restarted:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 8727A020
BCP3: 8727A16C
BCP4: 8243C710
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini051010-01.dmp
C:\Users\The Matrix Gang\AppData\Local\temp\WER-149916-0.sysdata.xml
C:\Users\The Matrix Gang\AppData\Local\temp\WER37B2.tmp.version.txt

Comodo firewall gave me a few "Failed to show balloon!..." messages and when I tried to open a Word doc the computer tried to install something.

The ark.txt file is 616kb and over the 512k limit so I am unable to attach here so you will have to tell me what to do with it if you want it. Well on with the Log files I CAN give you...

======================================================


DDS (Ver_10-03-17.01) - NTFSx86
Run by The Matrix Gang at 15:02:57.89 on Mon 05/10/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1757 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\The Matrix Gang\Desktop\gmer\gmer.exe
C:\Users\The Matrix Gang\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\users\the matrix gang\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [Windows Mobile Device Center] "c:\windows\windowsmobile\wmdc.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\themat~1\appdata\roaming\mozilla\firefox\profiles\lqsvmaa8.default\
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\users\the matrix gang\appdata\roaming\mozilla\firefox\profiles\lqsvmaa8.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\users\the matrix gang\appdata\roaming\mozilla\firefox\profiles\lqsvmaa8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\users\the matrix gang\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\the matrix gang\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2009-8-27 110624]
R0 CBUfs;CBUFS;c:\windows\system32\drivers\cbufs.sys [2009-8-27 107040]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-25 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-25 29520]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-4 361808]
R2 SynchronizationService.exe;Synchronization Service;c:\program files\comodo\comodo backup\SynchronizationService.exe [2009-8-27 232448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
S2 gupdate1c9ada66d91c090;Google Update Service (gupdate1c9ada66d91c090);c:\program files\google\update\GoogleUpdate.exe [2009-3-25 133104]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-4 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 LLRING0;LLRING0;c:\users\the matrix gang\downloads\champs stuff\mu stuff\fortressmu 2010 muguard\muguard\llck2.sys [2010-4-3 4096]
S3 THZWPEPDF;THZWPEPDF;c:\users\themat~1\appdata\local\temp\THZWPEPDF.exe [2009-11-14 519040]
S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-05-10 17:36:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 17:36:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 17:36:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 17:19:21 20 ----a-w- c:\users\the matrix gang\defogger_reenable
2010-05-04 05:59:28 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-04 05:58:16 0 d-----w- c:\program files\common files\DivX Shared
2010-05-04 05:57:02 0 d-----w- c:\program files\DivX
2010-05-04 05:56:29 0 d-----w- c:\programdata\DivX
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-18 03:21:12 314522433 ----a-w- c:\windows\MEMORY.DMP
2010-04-18 01:53:40 49152 ----a-w- c:\windows\system32\mumsg._ll
2010-04-18 01:53:40 381010 ----a-w- c:\windows\system32\wz_zp._ll
2010-04-18 01:53:40 26 ----a-w- c:\windows\system32\config.ini
2010-04-18 01:53:40 1716 ----a-w- c:\windows\system32\message._tf
2010-04-16 18:20:21 0 d-----w- c:\windows\system32\MuGuard
2010-04-16 18:20:10 0 d-----w- c:\windows\system32\Data
2010-04-14 10:26:04 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 10:26:03 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 10:26:03 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 10:25:57 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 10:25:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 10:25:56 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 10:25:47 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 10:25:47 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 10:25:43 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 10:25:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 10:25:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 10:18:05 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 10:18:01 172032 ----a-w- c:\windows\system32\wintrust.dll

==================== Find3M ====================

2010-05-10 18:34:43 66309 ----a-w- c:\programdata\nvModes.dat
2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-27 17:13:03 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-27 17:13:02 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-12 04:01:19 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-28 22:49:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-11 14:33:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-11-11 14:33:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111120091112\index.dat
2010-01-29 12:20:06 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-11 14:33:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2008-08-04 15:03:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:06:12.31 ===============

Edited by bobpsmith, 10 May 2010 - 07:09 PM.




#2 myrti


Posted 12 May 2010 - 03:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 bobpsmith


Posted 13 May 2010 - 07:52 AM

OK, the first time I ran it OTL crashed, but second time it worked...

OTL logfile created on: 5/12/2010 10:07:40 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\The Matrix Gang\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 21.12 Gb Free Space | 9.47% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.71 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CUJO
Current User Name: The Matrix Gang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 20:17:00 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\The Matrix Gang\Desktop\OTL.exe
PRC - [2010/05/12 16:09:30 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/05/09 21:44:49 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/09 22:03:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/17 01:35:49 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/12/17 01:35:37 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/12/01 09:55:10 | 000,066,560 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/08/27 14:30:18 | 000,232,448 | ---- | M] () -- C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 20:17:00 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\The Matrix Gang\Desktop\OTL.exe
MOD - [2009/12/17 01:36:22 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WebrootSpySweeperService)
SRV - [2009/12/17 01:35:37 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/01 09:55:10 | 000,066,560 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/14 19:34:51 | 000,519,040 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\The Matrix Gang\AppData\Local\temp\THZWPEPDF.exe -- (THZWPEPDF)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/27 14:30:18 | 000,232,448 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe -- (SynchronizationService.exe)
SRV - [2009/05/23 20:07:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/02/23 15:58:54 | 001,025,288 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco Perfect Disk 10\PDEngine.exe -- (PDEngine)
SRV - [2009/02/23 15:58:52 | 000,922,888 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco Perfect Disk 10\PDAgent.exe -- (PDAgent)
SRV - [2008/04/26 04:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 16:09:30 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/12 16:09:30 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/12 16:09:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/04/26 16:28:54 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\The Matrix Gang\Downloads\Champs stuff\MU stuff\fortressmu 2010 muguard\MuGuard\llck2.sys -- (LLRING0)
DRV - [2009/12/17 01:37:18 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2009/12/17 01:36:21 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/17 01:36:20 | 000,128,376 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/12/02 16:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 16:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/12/01 09:55:10 | 000,119,296 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/08/27 14:49:08 | 000,107,040 | ---- | M] (COMODO Security Solutions Inc.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\CBUFS.sys -- (CBUfs)
DRV - [2009/08/27 14:38:54 | 000,110,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\drivers\bdisk.sys -- (bdisk)
DRV - [2009/08/21 21:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/23 23:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/11 19:56:07 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/01/09 10:49:06 | 000,071,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 14:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/29 09:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/31 21:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 21:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 21:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 14:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 22:04:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/28 19:21:10 | 000,000,000 | ---D | M]

[2008/11/08 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Extensions
[2010/05/12 20:52:54 | 000,000,000 | ---D | M] -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions
[2009/07/19 07:53:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 12:02:03 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/03/22 20:07:59 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/01/26 12:42:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/25 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\chenyanxu8821@163.com
[2009/11/29 20:16:31 | 000,000,000 | ---D | M] -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\illimitux@illimitux.net
[2010/03/27 11:28:01 | 000,000,000 | ---D | M] -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\SkipScreen@SkipScreen
[2009/05/17 20:22:35 | 000,001,976 | ---- | M] () -- C:\Users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\searchplugins\rapidshare-google-arama.xml
[2010/05/09 23:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/10 03:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2005/11/03 21:54:06 | 000,000,731 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (Z2가㫏盁 摷杩獥⹴汤l@뻯㬏麏㬏麏&) - File not found
O30 - LSA: Security Packages - (Ƿ) - File not found
O30 - LSA: Security Packages - (D) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 14:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c850fe9-fc9a-11de-b337-001d727ab8e7}\Shell - "" = AutoRun
O33 - MountPoints2\{6c850fe9-fc9a-11de-b337-001d727ab8e7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6d690141-ae69-11dd-b84e-001d727ab8e7}\Shell - "" = AutoRun
O33 - MountPoints2\{6d690141-ae69-11dd-b84e-001d727ab8e7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8a9a0fba-a49a-11de-8a01-d98acc76ba61}\Shell - "" = AutoRun
O33 - MountPoints2\{8a9a0fba-a49a-11de-8a01-d98acc76ba61}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d55ed894-af86-11dd-b761-001d727ab8e7}\Shell - "" = AutoRun
O33 - MountPoints2\{d55ed894-af86-11dd-b761-001d727ab8e7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1015409599-2479617579-3599464290-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {81C57354-1A81-5870-B261-94B4CCDB2411} - Microsoft VM
ActiveX: {843D6B62-ADF3-4036-B7F4-79AD8EE0ED5D} - Microsoft VM
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FCD1E18C-9780-FBE7-9014-79BD7AC078AE} - Viewpoint Media Player
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IV50 - C:\Windows\System32\Ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 20:16:46 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\The Matrix Gang\Desktop\OTL.exe
[2010/05/12 03:04:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/12 00:30:52 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\AppData\Roaming\SUPERAntiSpyware.com
[2010/05/12 00:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/12 00:23:09 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\Documents\Egosoft
[2010/05/12 00:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\EGOSOFT
[2010/05/10 20:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010/05/10 14:44:30 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\Desktop\gmer
[2010/05/10 13:36:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 13:36:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/10 13:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 01:59:46 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\AppData\Roaming\DivX
[2010/05/04 01:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/05/04 01:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/04 01:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/05/04 01:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/29 19:11:02 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\Desktop\code_files
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/16 14:20:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\MuGuard
[2010/04/16 14:20:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2010/04/15 08:32:50 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\Desktop\Attach
[2010/04/15 07:35:39 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\Desktop\ruthcalabria.aspx_files
[2010/04/15 07:35:06 | 000,000,000 | ---D | C] -- C:\Users\The Matrix Gang\Desktop\petercalabria.aspx_files
[2010/04/14 06:25:47 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/14 06:25:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/14 06:25:43 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/14 06:25:25 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/14 06:25:25 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[9 C:\Users\The Matrix Gang\Documents\*.tmp files -> C:\Users\The Matrix Gang\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 22:12:05 | 004,980,736 | -HS- | M] () -- C:\Users\The Matrix Gang\NTUSER.DAT
[2010/05/12 22:04:55 | 000,066,309 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/12 22:04:52 | 000,066,309 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/12 22:04:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/12 22:04:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 22:04:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 21:36:35 | 000,524,288 | -HS- | M] () -- C:\Users\The Matrix Gang\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 21:36:35 | 000,065,536 | -HS- | M] () -- C:\Users\The Matrix Gang\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/12 21:32:46 | 002,973,902 | -H-- | M] () -- C:\Users\The Matrix Gang\AppData\Local\IconCache.db
[2010/05/12 21:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/12 21:20:11 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1015409599-2479617579-3599464290-1000UA.job
[2010/05/12 20:17:00 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\The Matrix Gang\Desktop\OTL.exe
[2010/05/12 20:14:42 | 000,016,011 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\LEASE.docx
[2010/05/12 19:56:12 | 000,015,345 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\SOCIAL RELATIONSHIP AGREEMENT.docx
[2010/05/12 19:49:42 | 001,487,774 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\A THEORY OF LANGUAGE AND INFORMATIO1.docx
[2010/05/12 17:55:38 | 000,002,587 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\Microsoft Word.lnk
[2010/05/12 16:49:45 | 000,017,303 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Hi Vicki.docx
[2010/05/12 16:03:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 16:03:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 16:03:04 | 2951,012,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 14:55:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1015409599-2479617579-3599464290-1000Core.job
[2010/05/12 00:30:57 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/11 10:10:29 | 000,016,627 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Bored with waiting for our malevolent landlady.docx
[2010/05/10 20:17:09 | 000,001,990 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\HiJackThis.lnk
[2010/05/10 20:12:38 | 001,402,880 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\HiJackThis.msi
[2010/05/10 18:51:55 | 723,405,137 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/10 18:23:49 | 000,634,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/10 18:23:49 | 000,117,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/10 18:23:48 | 000,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/10 13:36:41 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/10 13:19:58 | 000,000,020 | ---- | M] () -- C:\Users\The Matrix Gang\defogger_reenable
[2010/05/10 13:12:44 | 000,284,915 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\gmer.zip
[2010/05/10 13:10:45 | 000,525,824 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\dds.scr
[2010/05/10 11:29:19 | 000,079,872 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/05/09 23:30:51 | 000,188,928 | ---- | M] () -- C:\Users\The Matrix Gang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/04 16:55:29 | 002,335,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/04 02:00:35 | 000,001,404 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\DivX Movies.lnk
[2010/05/04 01:59:43 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/05/04 01:59:06 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/05/01 18:01:48 | 000,015,674 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\May 3.docx
[2010/05/01 12:41:04 | 003,930,112 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture(2).mpg
[2010/05/01 12:29:04 | 058,873,856 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\TEST2.mpg
[2010/05/01 12:27:44 | 059,777,024 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\TEST1.mpg
[2010/05/01 12:11:56 | 000,007,224 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Shotgunshot3.wav
[2010/05/01 12:11:26 | 000,009,272 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\ShotgunShot2.wav
[2010/05/01 12:10:52 | 000,002,104 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\ShotgunShot1.wav
[2010/05/01 12:10:32 | 000,004,152 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\gunshot2.wav
[2010/05/01 12:09:50 | 000,001,080 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\gunshot1.wav
[2010/05/01 12:05:55 | 000,514,104 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\FIGHTAh.wav
[2010/05/01 12:02:40 | 000,019,156 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\Blake Meyer.docx
[2010/04/30 20:00:37 | 000,022,581 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Joanna.docx
[2010/04/30 10:18:21 | 000,364,600 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\right.wav
[2010/04/30 10:17:49 | 000,431,160 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\left.wav
[2010/04/30 10:17:20 | 000,268,344 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\center.wav
[2010/04/30 10:16:29 | 000,686,136 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture(3).wav
[2010/04/30 10:15:25 | 000,815,160 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture(2).wav
[2010/04/30 10:13:20 | 002,475,064 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture(1).wav
[2010/04/30 10:07:14 | 003,698,744 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture(0).wav
[2010/04/30 10:03:40 | 001,786,936 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture.wav
[2010/04/30 10:01:47 | 000,365,624 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\YurA.wav
[2010/04/29 19:11:07 | 000,023,146 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\code.html
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 19:21:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/24 13:31:09 | 000,019,005 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Don.docx
[2010/04/23 14:36:09 | 000,020,211 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Is Cancer Being Overdiagnosed.docx
[2010/04/19 00:01:24 | 013,031,028 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\The Mathematics of Meaningful Information.avi
[2010/04/18 23:45:30 | 066,299,322 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\ANOTHER long capater 00_00_00-00_19_17.07.avi
[2010/04/18 23:29:41 | 000,000,824 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\Format Factory.lnk
[2010/04/18 23:20:50 | 001,374,026 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\A GENERAL THEORY OF INFORMATION.docx
[2010/04/18 23:02:45 | 1593,806,848 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\ANOTHER long capater.mpg
[2010/04/18 18:12:41 | 359,565,312 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture(1).mpg
[2010/04/18 18:04:11 | 207,130,624 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture(0).mpg
[2010/04/18 17:35:55 | 090,931,200 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Capture.mpg
[2010/04/18 15:13:54 | 431,329,280 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\Script(not very awesome).mpg
[2010/04/18 14:27:39 | 915,163,136 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\LONG Capture.mpg
[2010/04/18 14:09:38 | 029,095,936 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\LOL.mpg
[2010/04/17 21:53:40 | 000,000,026 | ---- | M] () -- C:\Windows\System32\config.ini
[2010/04/15 18:50:43 | 000,000,162 | -H-- | M] () -- C:\Users\The Matrix Gang\Documents\~$THEORY OF LANGUAGE AND INFORMATIO1.docx
[2010/04/15 09:02:41 | 000,000,162 | -H-- | M] () -- C:\Users\The Matrix Gang\Documents\~$GENERAL THEORY OF INFORMATION.docx
[2010/04/15 08:54:23 | 000,021,732 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\TO DON.docx
[2010/04/15 07:58:03 | 000,054,278 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\SF Chronicle.docx
[2010/04/15 07:35:44 | 000,006,006 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\ruthcalabria.aspx.htm
[2010/04/15 07:35:09 | 000,006,046 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\petercalabria.aspx.htm
[2010/04/15 06:21:03 | 001,350,383 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\GENERAL THEORY.docx
[2010/04/15 03:02:07 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/04/14 19:52:07 | 001,022,976 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2010/04/14 19:52:07 | 000,543,744 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2010/04/14 06:37:30 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/13 15:25:41 | 000,043,520 | ---- | M] () -- C:\Users\The Matrix Gang\Desktop\Function Calc.xls
[2010/04/12 22:41:51 | 000,031,384 | ---- | M] () -- C:\Users\The Matrix Gang\Documents\butane and isobutane.docx
[9 C:\Users\The Matrix Gang\Documents\*.tmp files -> C:\Users\The Matrix Gang\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 10:01:31 | 000,017,303 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Hi Vicki.docx
[2010/05/12 09:25:43 | 000,015,345 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\SOCIAL RELATIONSHIP AGREEMENT.docx
[2010/05/12 00:30:57 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/11 10:01:14 | 000,016,627 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Bored with waiting for our malevolent landlady.docx
[2010/05/10 20:17:09 | 000,001,990 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\HiJackThis.lnk
[2010/05/10 20:11:46 | 001,402,880 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\HiJackThis.msi
[2010/05/10 14:33:42 | 2951,012,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/10 13:36:41 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/10 13:19:21 | 000,000,020 | ---- | C] () -- C:\Users\The Matrix Gang\defogger_reenable
[2010/05/10 13:14:08 | 000,525,824 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\dds.scr
[2010/05/10 13:14:08 | 000,284,915 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\gmer.zip
[2010/05/10 13:14:08 | 000,050,477 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\Defogger.exe
[2010/05/04 02:00:34 | 000,001,404 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\DivX Movies.lnk
[2010/05/04 01:59:43 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010/05/04 01:59:06 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010/05/03 11:03:54 | 000,016,011 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\LEASE.docx
[2010/05/01 16:42:27 | 000,015,674 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\May 3.docx
[2010/05/01 12:40:57 | 003,930,112 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture(2).mpg
[2010/05/01 12:28:08 | 058,873,856 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\TEST2.mpg
[2010/05/01 12:26:48 | 059,777,024 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\TEST1.mpg
[2010/05/01 12:11:25 | 000,009,272 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\ShotgunShot2.wav
[2010/05/01 12:11:25 | 000,007,224 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Shotgunshot3.wav
[2010/05/01 12:10:32 | 000,004,152 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\gunshot2.wav
[2010/05/01 12:10:32 | 000,002,104 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\ShotgunShot1.wav
[2010/05/01 12:09:49 | 000,001,080 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\gunshot1.wav
[2010/05/01 12:05:19 | 000,514,104 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\FIGHTAh.wav
[2010/05/01 12:02:39 | 000,019,156 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\Blake Meyer.docx
[2010/04/30 10:18:09 | 000,364,600 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\right.wav
[2010/04/30 10:17:11 | 000,431,160 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\left.wav
[2010/04/30 10:17:11 | 000,268,344 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\center.wav
[2010/04/30 10:16:07 | 000,686,136 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture(3).wav
[2010/04/30 10:14:59 | 000,815,160 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture(2).wav
[2010/04/30 10:12:02 | 002,475,064 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture(1).wav
[2010/04/30 10:05:17 | 003,698,744 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture(0).wav
[2010/04/30 10:02:29 | 001,786,936 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture.wav
[2010/04/30 10:01:35 | 000,365,624 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\YurA.wav
[2010/04/29 19:11:01 | 000,023,146 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\code.html
[2010/04/29 05:22:05 | 1593,806,848 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\ANOTHER long capater.mpg
[2010/04/24 13:30:09 | 000,019,005 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Don.docx
[2010/04/23 14:36:09 | 000,020,211 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Is Cancer Being Overdiagnosed.docx
[2010/04/19 00:00:17 | 013,031,028 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\The Mathematics of Meaningful Information.avi
[2010/04/18 23:37:39 | 066,299,322 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\ANOTHER long capater 00_00_00-00_19_17.07.avi
[2010/04/18 23:29:41 | 000,000,824 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\Format Factory.lnk
[2010/04/18 18:05:32 | 359,565,312 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture(1).mpg
[2010/04/18 18:01:08 | 207,130,624 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture(0).mpg
[2010/04/18 17:34:35 | 090,931,200 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Capture.mpg
[2010/04/18 15:07:28 | 431,329,280 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\Script(not very awesome).mpg
[2010/04/18 14:14:56 | 915,163,136 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\LONG Capture.mpg
[2010/04/18 14:09:05 | 029,095,936 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\LOL.mpg
[2010/04/17 23:21:12 | 723,405,137 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/17 21:53:40 | 000,381,010 | ---- | C] () -- C:\Windows\System32\wz_zp._ll
[2010/04/17 21:53:40 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mumsg._ll
[2010/04/17 21:53:40 | 000,001,716 | ---- | C] () -- C:\Windows\System32\message._tf
[2010/04/17 21:53:40 | 000,000,026 | ---- | C] () -- C:\Windows\System32\config.ini
[2010/04/15 18:50:43 | 000,000,162 | -H-- | C] () -- C:\Users\The Matrix Gang\Documents\~$THEORY OF LANGUAGE AND INFORMATIO1.docx
[2010/04/15 18:50:38 | 001,487,774 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\A THEORY OF LANGUAGE AND INFORMATIO1.docx
[2010/04/15 09:02:41 | 000,000,162 | -H-- | C] () -- C:\Users\The Matrix Gang\Documents\~$GENERAL THEORY OF INFORMATION.docx
[2010/04/15 07:35:39 | 000,006,006 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\ruthcalabria.aspx.htm
[2010/04/15 07:35:06 | 000,006,046 | ---- | C] () -- C:\Users\The Matrix Gang\Desktop\petercalabria.aspx.htm
[2010/04/15 06:15:36 | 000,021,732 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\TO DON.docx
[2010/04/14 06:37:30 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/04/13 13:45:25 | 001,374,026 | ---- | C] () -- C:\Users\The Matrix Gang\Documents\A GENERAL THEORY OF INFORMATION.docx
[2009/11/13 21:13:04 | 000,003,500 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009/10/25 02:18:43 | 000,000,120 | ---- | C] () -- C:\Windows\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI
[2009/09/23 18:34:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/27 14:38:54 | 000,110,624 | ---- | C] () -- C:\Windows\System32\drivers\bdisk.sys
[2009/08/15 22:46:15 | 000,003,195 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/15 22:27:58 | 000,000,969 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/05/08 19:06:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/26 16:52:56 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/01/14 22:25:24 | 000,000,067 | ---- | C] () -- C:\Windows\AudioMidRecorder.INI
[2009/01/08 21:45:28 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2009/01/08 21:45:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2009/01/08 21:45:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2008/12/27 17:23:01 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: LOGEVENT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/23 07:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\AppPatch\Custom\Custom] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ehome\CreateDisc\style\style] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Globalization\Globalization] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Microsoft.NET\authman\authman] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\0409\0409] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\Branding\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\inetsrv\inetsrv] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\MUI\dispspec\dispspec] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\setup\en-US\en-US] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\WCN\de-DE\de-DE] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\WCN\es-ES\es-ES] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\WCN\fr-FR\fr-FR] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\System32\WCN\ja-JP\ja-JP] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\tracing\tracing] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\winsxs\Temp\PendingRenames\PendingRenames] -> \Device\__max++>\^ -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\The Matrix Gang\Desktop\ANOTHER long capater.mpg:TOC.WMV
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2BDCFAD6
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BB923A2
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:2D5907B8
< End of report >


++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++


OTL Extras logfile created on: 5/12/2010 10:07:40 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\The Matrix Gang\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.03 Gb Total Space | 21.12 Gb Free Space | 9.47% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.71 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CUJO
Current User Name: The Matrix Gang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1015409599-2479617579-3599464290-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Free Video Zilla\FVZilla.exe" = C:\Program Files\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C66CFB-42A0-49B0-A5B5-112AB05A5BE6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{165C7333-35E5-44B2-B316-CC1D46F6638D}" = rport=139 | protocol=6 | dir=out | app=system |
"{1779177F-8913-444B-BC7F-6A94F601FF34}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1C031E10-18D7-4537-A6E0-9F246D273CEF}" = rport=445 | protocol=6 | dir=out | app=system |
"{1E09DF39-73D8-48E1-93DE-908BFDBCFCE2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{23B50A29-81D2-4CD9-96D5-B876FD4EDC24}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{28AE8BCB-5597-4988-A4AB-518CEB6E14F1}" = lport=138 | protocol=17 | dir=in | app=system |
"{439FB720-F181-4753-93B2-52CB2BA87F89}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4426C935-647A-4936-B9F8-237347B579FB}" = rport=138 | protocol=17 | dir=out | app=system |
"{4AB35F14-1CC3-4139-B929-3B8A04DC82A0}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{4E2700EB-9B62-48A8-852A-C60C2AE89C34}" = lport=139 | protocol=6 | dir=in | app=system |
"{4F5F0EF9-3496-4274-8C1E-BFCE50DE20BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{5D0B0096-7FCB-406A-93A5-CA247376C7A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{5DD4E901-E71F-41CB-BEE5-A128B0C81A41}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{661E6DAA-653F-4139-9865-8D6D6E59A43A}" = rport=137 | protocol=17 | dir=out | app=system |
"{75C2ED26-1F65-428D-A6F9-9CACC8460890}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8907D675-F78C-41A8-A972-7332662DEB56}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8C63CB1E-AD24-4C79-9666-1EF0C37E3C0E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9C36122-0657-4CCA-AC4B-DAF34054039C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA6C1BC7-E76F-4EC4-BB2C-9449B81B4F76}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4E7D9E4-01C4-4C4B-B276-882D26051B83}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CB8212E7-5415-4ABD-B8ED-0EEDBEF9029E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE1F2314-6EFA-479D-8667-CA4B4834E6FC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CE8E808F-401C-4AC7-8D8F-7788BF5E9878}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E38618EA-69FA-4C1C-A7F3-76EF8F6F802D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E7B2692A-CD82-4739-9267-7E4B5A016282}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F14F7E42-7B0E-4151-AF5B-1BB3406C9B91}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F7164994-FCEB-49EA-8864-858E5EDC01BA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FB25EE84-AA1D-4C9D-BB61-6F083490C4F0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053E5549-ECD5-4FE4-8DB9-641DFB10CF77}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{09E0998F-AA28-4411-ADA5-5521A5335795}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D5A0BF5-FA9B-4AC2-B43E-B113DC142CBA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{168A9370-EA8F-4C27-BCF1-B5E0A73644E5}" = protocol=17 | dir=in | app=c:\users\system works\appdata\local\temp\purplebean.exe |
"{18FF43EA-A743-4FA9-A78A-162503D0BE88}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1AF14B25-BAA7-4A23-9075-8E57C6956BB1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1B2FF276-4892-4A49-9044-11250D177D89}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{27188746-2C6F-497B-9638-525BFA5836BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2C05156F-68E4-49D7-8B5A-5C16EE17D490}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DB91C67-B892-43EE-8CE3-C6113507CE09}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E2345A1-A2BE-4BB2-AF3A-9A729C7CEDD5}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{2E98965F-8470-4D94-81B6-5352F4A53F75}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2EBE419F-4C9E-437C-A320-FF96F25D5E1F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A5A2AC1-BD78-42DB-8BC5-4FE962526480}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3CEF1E04-7737-4CA0-9D17-DFD9FEB9B69F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D68E9DB-FBEE-42CB-840F-0E2CAFA87997}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{40EAAE36-66E0-439E-9F25-D6B2E192C6CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4100E5C1-333A-4DF4-9DDE-14E49892FCEE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{42AEFD35-CA60-40DC-A93F-0EC714E7451D}" = protocol=6 | dir=in | app=c:\users\the matrix gang\appdata\roaming\u3\0878310ed2418c98\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe |
"{439E4476-665F-4517-B0E3-0DC058DD41AA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4DF93E1F-12C2-4CDF-AF77-246F487C90A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{59ECD9DD-ADA0-47D4-AE6F-473AA87B75C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{61A38F3B-7802-4BBA-BE7C-662D2C891C06}" = protocol=6 | dir=in | app=c:\users\system works\appdata\local\temp\purplebean.exe |
"{7C7D92DC-691B-4A81-9981-E1A020C8771C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{80CE22D3-1998-433C-8EDA-BBAD19349988}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{815F4152-7757-4B46-A794-ED3743BC4148}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{829EFD29-7896-476A-B319-400EE382EB9F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{82D413DF-43E4-4C1A-9AD4-A2280E9D3F46}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{83B537A3-C7C3-43C0-B447-3208AFE04CA4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8AA77E01-E3A0-4259-BFC4-EA0F47D1FE65}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{91666F65-2909-4556-B006-6114D3871A4D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9387CC6E-6F9F-4DAE-BEFA-BC119F829AA1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{963FF741-0EE5-46AA-BA22-548D6FC9791A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A0B3F518-17CD-4092-B9A6-C62B93962242}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A3C9B7FC-19FF-4CF9-9FA0-CFBCDF0D493E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AFDE37CC-053A-4B08-BD4F-F96A60D05E81}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BCFDBEA0-B2C0-4C23-9B07-35D993FAE8C3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C06653B9-8EC2-42CB-BE49-342E14765BBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C1BAABB6-21B7-49B7-91E1-E455B4B6BC44}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{C45AFD55-67C8-4AF1-A4FA-F13131BF1E5A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C552586E-4F45-423C-847F-1316E33D8A77}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C55EE582-4D18-4465-B67C-01CCBFDC83AC}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C98AB43E-0E35-46E5-AF1D-E79F068F35CB}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{D5E4B9EB-0796-4C18-9B73-82AB74BBA7AF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD8F3B55-F11B-45E0-9484-BEFEAC7FAD5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DEEB7900-383A-453B-94CD-88A380615F19}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DEEEA638-A819-4481-BFB2-162E3CE46582}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E1252166-0428-4CFE-853D-158656283873}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EFA9C6A7-F61C-4703-8859-797894E699C8}" = protocol=17 | dir=in | app=c:\users\the matrix gang\appdata\roaming\u3\0878310ed2418c98\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe |
"{F1995F43-538B-46DC-98A9-47FDE539C02B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F90007D7-6C56-4E4E-84C8-AD6DD632F2C3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{FFFCE246-63F2-40A1-AA1F-0823FBA0D6E7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{005946F4-98ED-461A-81CA-D631A84493D4}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{42A44D43-5C1E-41D6-86DD-E00251597BBD}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"TCP Query User{63980A5F-8BDA-4E21-A31D-F68639EA6748}C:\program files\maple 12\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"TCP Query User{7491AAB2-70B9-4987-AEF1-8EE2AE9A8B77}C:\users\the matrix gang\downloads\psoft\[pc] brothers in arms earned in blood [rip] [dopeman]\earned\system\eib.exe" = protocol=6 | dir=in | app=c:\users\the matrix gang\downloads\psoft\[pc] brothers in arms earned in blood [rip] [dopeman]\earned\system\eib.exe |
"TCP Query User{7A03AD4F-5444-4672-9080-1627D5507327}C:\program files\maple 12\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 12\jre\bin\java.exe |
"TCP Query User{813D70E8-F88F-4EDA-92F7-CC0514A93594}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{925F4A33-A372-4E88-A1CF-64621176D9FD}K:\downloads\lemmingballz\lbz3d\tmp\co_real.exe" = protocol=6 | dir=in | app=k:\downloads\lemmingballz\lbz3d\tmp\co_real.exe |
"TCP Query User{A61BA85E-2FB3-4518-92D3-0529F81376C7}G:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=g:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{AB4FFC27-7844-4E55-9C67-A4ED72998B1E}C:\program files\red storm entertainment\ghost recon\ghostrecon.exe" = protocol=6 | dir=in | app=c:\program files\red storm entertainment\ghost recon\ghostrecon.exe |
"TCP Query User{B04ADA96-DC1C-45E9-BD88-5DA1D05FF86C}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{B414A57F-2D2D-424F-AA5B-223EC9B1A8C6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BFEA7C81-4E5B-43EF-891F-F0070DA5BF17}K:\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=k:\orbitdownloader\orbitnet.exe |
"TCP Query User{FB270879-DF0A-41A3-834E-3F96B0B1949A}C:\program files\operation flashpoint\flashpointresistance.exe" = protocol=6 | dir=in | app=c:\program files\operation flashpoint\flashpointresistance.exe |
"TCP Query User{FE0775F9-526B-486A-BD76-C5F787BC1463}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{087D0415-2263-4E84-873E-C81604FC4B88}C:\users\the matrix gang\downloads\psoft\[pc] brothers in arms earned in blood [rip] [dopeman]\earned\system\eib.exe" = protocol=17 | dir=in | app=c:\users\the matrix gang\downloads\psoft\[pc] brothers in arms earned in blood [rip] [dopeman]\earned\system\eib.exe |
"UDP Query User{350E368F-13F9-4D6E-9E16-B5A0333AD783}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65114D2C-5E86-426F-A0E1-65F90445C8BE}C:\program files\maple 12\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 12\jre\bin\maple.exe |
"UDP Query User{689EB93B-A80F-4E49-8459-45A9C5CA0E0E}C:\program files\maple 12\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 12\jre\bin\java.exe |
"UDP Query User{71679404-DA47-40C5-B8D1-B3D0602A2692}G:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=g:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{85668553-144F-4C29-BB31-2D2AD6D1334B}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe |
"UDP Query User{8E534C1C-8241-4CBB-97D1-A527A413AF43}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A6359A76-31A2-4FB9-BFC4-BAF8975BECB6}K:\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=k:\orbitdownloader\orbitnet.exe |
"UDP Query User{AE8D3D71-2F94-4436-AC45-6EF9C2FB3828}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{B568F76F-89A8-47AB-8820-970B635BC0EC}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{BD977A65-4742-40BE-B08E-1D0967FC7DE3}K:\downloads\lemmingballz\lbz3d\tmp\co_real.exe" = protocol=17 | dir=in | app=k:\downloads\lemmingballz\lbz3d\tmp\co_real.exe |
"UDP Query User{D92A18DF-F12A-462E-BB21-CF11EB589D93}C:\program files\operation flashpoint\flashpointresistance.exe" = protocol=17 | dir=in | app=c:\program files\operation flashpoint\flashpointresistance.exe |
"UDP Query User{F2534E92-53AA-44CF-8381-F5F90B7BBEC6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F4654CC3-608D-4CE0-9DC0-ECC466E6B36E}C:\program files\red storm entertainment\ghost recon\ghostrecon.exe" = protocol=17 | dir=in | app=c:\program files\red storm entertainment\ghost recon\ghostrecon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06043840-7A70-4AC6-9340-2EB7E1486914}" = Microsoft Student Graphing Calculator
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1419A197-F6FB-4129-81B2-0113A3B6A09C}" = Microsoft Expression Encoder 2
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370993B3-3515-427E-A0D6-0511D1548C80}" = Need For Speed - Porsche Unleashed 2000
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3891E1C9-8E9E-43E2-B009-6D008BCD7669}" = Microsoft Expression Blend 2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6CC02A6E-782C-4F3B-BBA9-32FE7D186091}" = Microsoft Small Basic v0.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8A2A94E9-627D-4DCA-A665-8AC08B2A82D6}" = ZhyperMU Season 4 AC V4
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8CBCA6C6-B90C-4E34-955C-38F0B406E6FD}" = FMUS4AC2
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6063C2-2194-486B-89B6-75AFD269029C}" = Skies of War
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0C0724A-649C-4953-BF1E-F783036969E9}" = FormatFactory
"{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9EB9663-48B0-4D55-8365-D857F9E13BBE}" = FortressMU 2010
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC62676B-10D3-41A1-9009-EA3479057CE7}" = COMODO BackUp
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C3498122-091E-4999-9EBE-7513FE904F6A}" = Microsoft Expression Design 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC870764-5AB2-4801-9F16-8E577AD0EE27}" = Redshark 3.50
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD
"{E01AE623-07FB-4E38-8CCA-8E10B86BE851}" = Rome - Total War
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Age of Mythology 1.0" = Age of Mythology
"AIM_6" = AIM 6
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.48.05
"Blend_2.0.1523.0" = Microsoft Expression Blend 2
"Capoeira Fighter 3" = Capoeira Fighter 3
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Internet Security" = COMODO Internet Security
"ContextEdit_is1" = ContextEdit (PC Magazine)
"Design_5.0.1379.0" = Microsoft Expression Design 2
"DivX Setup.divx.com" = DivX Setup
"DoubleDeck Pinochle 4.0" = DoubleDeck Pinochle 4.0
"DSMT6" = MathType 6
"Encoder_2.0.1406.0" = Microsoft Expression Encoder 2
"FileZilla Client" = FileZilla Client 3.3.2.1
"FormatFactory" = FormatFactory 2.30
"Hexacto ScoreCast" = Hexacto ScoreCast
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IsoBuster_is1" = IsoBuster 2.3
"Links for Smartphone" = Links for Smartphone
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Monster Trucks Nitro Demo" = Monster Trucks Nitro Demo
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"M-WIN-L 7.0.1 1213965_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965)
"NFOlux" = NFOlux
"NirSoft ShellExView" = NirSoft ShellExView
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PB/Win 9.01" = PB/Win 9.01
"RealAlt_is1" = Real Alternative 2.0.1
"Revo Uninstaller" = Revo Uninstaller 1.87
"Sandboxie" = Sandboxie 3.42
"SCRABBLE® 2007 EDITION" = SCRABBLE® Interactive 2007 EDITION Uninstall
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.48
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Student and Home Edition" = Student and Home Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trial Challenge" = Trial Challenge
"UnityWebPlayer" = Unity Web Player
"UT2004-Demo" = Unreal Tournament 2004 Demo
"uTorrent" = µTorrent
"VBS1 " = VBS1 uninstall
"Veoh Web Player Beta" = Veoh Web Player Beta
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.5
"WT015792" = FATE
"X3TerranConflictRDemo_is1" = X3 Terran Conflict Rolling Demo
"XdN Tweaker" = XdN Tweaker 0.9.2.1
"XWeb" = Microsoft Expression Web 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1015409599-2479617579-3599464290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2speced 10.6 client" = 2speced 10.6 client
"Google Chrome" = Google Chrome
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 myrti

Posted 13 May 2010 - 01:56 PM

Hi,

Please try to run GMER next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 bobpsmith

Posted 13 May 2010 - 09:37 PM

GMER ran all the way through uneventfully; however, there were a few unexpected occurrences after I saved the log file. After I closed GMER (or ykqb4kss.exe in my case) I restarted Microsoft Security Essentials (my AV software) and COMODO (my firewall) and tried to reconnect to the internet; that is where I had my first problem. I am running an HP laptop (HP G60) and there is a Wifi button near my power button that turns on/off the "wireless assistant," so to disconnect I just pressed that button and when I wanted to reconnect I pressed it again. A small box popped up and told me that it was indeed now ON, but it didn't find any networks. I unplugged it to try to get better reception, but when I did that the screen went black; only the mouse pointer was visible.

So I don't know how, or even if, this is related to whatever my problem is, but at least now you know exactly what happened. Here is the log.

Robert

P.S. The file is too long (700kb) so I will have to split it up.

++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 21:55:39
Windows 6.0.6002 Service Pack 2
Running: ykqb4kss.exe; Driver: C:\Users\THEMAT~1\AppData\Local\Temp\pxldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x9628E0B0]

Code AAB87B0C ZwTraceEvent
Code AAB87B0B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 8227D376 5 Bytes JMP AAB87B10
.text ntkrnlpa.exe!KeSetEvent + 621 822FED84 4 Bytes [B0, E0, 28, 96]
.text win32k.sys!EngTransparentBlt + 8B03 A244221E 5 Bytes JMP AAB87930
.text win32k.sys!XFORMOBJ_iGetXform + 4559 A244FD01 5 Bytes JMP AAB87610
.text win32k.sys!EngGradientFill + 60BD A2493055 5 Bytes JMP AAB87890
.text win32k.sys!EngMulDiv + 4D02 A24999F1 5 Bytes JMP AAB876B0
.text win32k.sys!EngMulDiv + 8B1E A249D80D 5 Bytes JMP AAB87570
.text win32k.sys!EngStrokePath + 5FF A24A6C6C 5 Bytes JMP AAB879D0
.text win32k.sys!EngAlphaBlend + 8888 A24BDF25 5 Bytes JMP AAB87430
.text win32k.sys!EngAlphaBlend + 9B12 A24BF1AF 5 Bytes JMP AAB874D0
.text win32k.sys!STROBJ_vEnumStart + 4728 A24D67A9 5 Bytes JMP AAB87A70
.text win32k.sys!CLIPOBJ_bEnum + 24A A24FA3DA 5 Bytes JMP AAB877F0
.text win32k.sys!EngLineTo + A0F A251D066 5 Bytes JMP AAB87750

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 00244550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 002481E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 002419F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 00241950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtClose 773B4314 5 Bytes JMP 002482B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 002418D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 00241890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 002419B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 00241910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 00241A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 00241970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 002418F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 00241930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 002419D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 00241990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 002418B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 00247040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 00241A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 00241A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 00241A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 00241D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 00241B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 00241C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 00241BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 00241B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 00241CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 00241CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 00241C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 00241C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 00241AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 00241D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 00241AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 00241D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 00241A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 00241CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 00241D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 00241B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 00241B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 00241C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 00241C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 00241B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 00241BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 00241BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 00241D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 00241AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] USER32.dll!EndTask 7721AD32 5 Bytes JMP 00247E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 00241640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 00241480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 00241250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 00241000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 00247D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 00247BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 00241DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 00241E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 00241DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\SMINST\BLService.exe[344] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 00241DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[568] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[624] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[676] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[688] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

Edited by bobpsmith, 13 May 2010 - 09:41 PM.


#6 bobpsmith

Posted 13 May 2010 - 09:42 PM

.text C:\Windows\system32\lsm.exe[696] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[696] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[888] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[932] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[960] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1016] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 0040F950 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1132] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] shell32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] shell32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] shell32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1264] shell32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1292] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] WININET.dll!InternetConnectA 75CDDEAE 5 Bytes JMP 10001E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1304] WININET.dll!InternetConnectW 75CDF862 5 Bytes JMP 10001E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1368] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] WININET.dll!InternetConnectA 75CDDEAE 5 Bytes JMP 10001E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1568] WININET.dll!InternetConnectW 75CDF862 5 Bytes JMP 10001E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WLANExt.exe[1868] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1980] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2008] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe[2544] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[2572] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

#7 bobpsmith

Posted 13 May 2010 - 09:45 PM

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[2616] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2644] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe[2792] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\DRIVERS\xaudio.exe[2804] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2812] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2964] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[3132] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)


#8 bobpsmith

Posted 13 May 2010 - 09:46 PM

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] WININET.dll!InternetConnectA 75CDDEAE 5 Bytes JMP 10001E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3380] WININET.dll!InternetConnectW 75CDF862 5 Bytes JMP 10001E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] KERNEL32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] shell32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] shell32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] shell32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] shell32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3436] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE[3844] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] shell32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] shell32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] shell32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] shell32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\The Matrix Gang\Desktop\ykqb4kss.exe[5404] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\rundll32.exe[5464] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] WS2_32.dll!WSASocketW 76F334EB 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] WS2_32.dll!WSASocketA 76F38FA9 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\vssvc.exe[6320] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!LdrLoadDll 77379390 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!LdrUnloadDll 7738BA50 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!LdrGetProcedureAddress 77395A88 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtAllocateVirtualMemory 773B4134 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtClose 773B4314 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtCreateFile 773B43D4 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtCreateProcess 773B4494 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtCreateProcessEx 773B44A4 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtDeleteFile 773B47B4 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtFreeVirtualMemory 773B4944 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtLoadDriver 773B4A64 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtOpenFile 773B4BB4 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtProtectVirtualMemory 773B4D34 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtSetInformationProcess 773B5324 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtUnloadDriver 773B5574 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtWriteVirtualMemory 773B5674 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!NtCreateUserProcess 773B5804 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ntdll.dll!RtlAllocateHeap 773B6570 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CreateProcessW 76E51BF3 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CreateProcessA 76E51C28 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!VirtualProtect 76E51DC3 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!OpenFile 76E5355A 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!MoveFileW 76E5A2F2 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CopyFileExW 76E60211 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CopyFileW 76E60299 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!DeleteFileW 76E6F4B6 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!DeleteFileA 76E6F5D2 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!MoveFileWithProgressW 76E710A4 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!MoveFileExW 76E710C8 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!LoadLibraryExW 76E79109 7 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!LoadLibraryW 76E79362 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!LoadLibraryExA 76E794B4 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!LoadLibraryA 76E794DC 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!GetProcAddress 76E9903B 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!GetModuleHandleA 76E992A5 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!GetModuleHandleW 76E9A804 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CreateFileW 76E9AECB 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CreateFileA 76E9CE5F 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!MoveFileExA 76EA0F0A 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!MoveFileWithProgressA 76EA0F2A 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CopyFileA 76EA2433 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!MoveFileA 76EDF641 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!CopyFileExA 76EE19F9 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!WinExec 76EE5CF7 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] kernel32.dll!LoadModule 76EE5E4F 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ADVAPI32.dll!OpenServiceA 76D12EBD 7 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ADVAPI32.dll!OpenServiceW 76D18354 7 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ADVAPI32.dll!CreateServiceW 76D39EB4 7 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ADVAPI32.dll!CreateServiceA 76D772A1 7 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] USER32.dll!EndTask 7721AD32 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] SHELL32.dll!ShellExecuteW 761F9725 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] SHELL32.dll!ShellExecuteExW 7624C135 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] SHELL32.dll!ShellExecuteEx 763F9FE2 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] SHELL32.dll!ShellExecuteA 763FA07D 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ole32.dll!CoGetClassObject 770BFABC 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] ole32.dll!CoCreateInstanceEx 770D9EE9 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] WININET.dll!InternetConnectA 75CDDEAE 5 Bytes JMP 10001E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.exe[7332] WININET.dll!InternetConnectW 75CDF862 5 Bytes JMP 10001E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [743B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [7440A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [743BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [743AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [743B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [743AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [743BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [743AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [743AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [743A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7443CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [743DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [743AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [743A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [743A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[7332] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [743B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x42 0xF4 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCF 0xC0 0xE2 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAE 0xF5 0x00 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x5B 0x63 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0xD6 0xAF 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0x88 0x13 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC2 0x3C 0x6B 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0x42 0xF4 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCF 0xC0 0xE2 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAE 0xF5 0x00 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x97 0x5B 0x63 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD4 0xD6 0xAF 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9E 0x88 0x13 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC2 0x3C 0x6B 0x71 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@K:\Downloads\Mu stuff\FortressMU\fortress 3d\Data\Object34\Object01_\xbføº\xbb.bmd 1

---- EOF - GMER 1.0.15 ----


#9 myrti


Posted 14 May 2010 - 03:15 AM

Hi,

Can you now access the internet again, or are things still off?

Please run a scan with ComboFix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#10 bobpsmith


Posted 14 May 2010 - 11:00 PM

Yes, the internet is working fine, sorry I didn't make that clear. After I got the black screen I forced power down by holding the power button; when it booted back up everything was more or less fine. There are some hidden files on my desktop (two desktop.ini files and two Word files in the form of ~$name.doc), but like I said not any worse than before. OK, back to your last set of instructions; I ran ComboFix and the results are listed below. It deleted two files as you will see, and it may be my imagination but I think things are working better already. Just a heads up, this is a family computer (meaning the only time I get my hands on it is when something goes wrong) and my precocious younger brother went ahead and put on Unreal Tournament 2004 (demo) despite my orders not to download/install anything. I don't know if this changes anything, but I remember that in your first reply you wanted a "fresh" set of diagnostic logs, so if you see it show up you will know that it was caused by human hands.

I looked at your profile and saw you are based out of Germany (which is cool), but as I am in Baltimore, MD (near Washington DC) the time difference is a little on the large side, which leads to a few questions I would like to ask. 1.) I signed up for bleepingcomputer.com when I was down in Texas (CST), but as I am now back home on the east coast (EST), how do I change my time zone? 2.) If there are a few more tasks that need to be done I would not mind if we set a time to be online so we could get this done instead of having to take 2 days to do one back and forth. I can hook up with you anytime between 8pm (20:00) EST and 4am (4:00) EST. So if you think this is a good idea then you can send me a time (just make sure you tell me what time zone it is!) when you would like to be on and I will get together with you then. 3.) If English does not happen to be your first language and my gibberish does not make sense to you just tell me and I will try to be more clear!

Rob

ComboFix 10-05-14.06 - The Matrix Gang 05/14/2010 22:38:36.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1695 [GMT -4:00]
Running from: c:\users\The Matrix Gang\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AbaleZip.dll
c:\windows\system32\Config.ini

.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-15 02:58 . 2010-05-15 02:58 -------- d-----w- c:\users\System Works\AppData\Local\temp
2010-05-15 02:58 . 2010-05-15 02:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-15 02:58 . 2010-05-15 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-13 17:55 . 2010-05-13 17:56 -------- d-----w- c:\program files\MagicISO
2010-05-12 04:30 . 2010-05-12 04:30 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\SUPERAntiSpyware.com
2010-05-12 04:29 . 2010-05-12 04:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-12 04:18 . 2010-05-12 04:18 -------- d-----w- c:\program files\EGOSOFT
2010-05-11 21:39 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-10 17:36 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 17:36 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 17:36 . 2010-05-10 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 05:59 . 2010-05-10 03:29 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\DivX
2010-05-04 05:59 . 2010-05-04 05:59 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-04 05:58 . 2010-05-04 05:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-04 05:57 . 2010-05-04 06:00 -------- d-----w- c:\program files\DivX
2010-05-04 05:56 . 2010-05-04 06:11 -------- d-----w- c:\programdata\DivX
2010-04-16 18:20 . 2010-04-18 01:53 -------- d-----w- c:\windows\system32\MuGuard
2010-04-16 18:20 . 2010-04-16 18:20 -------- d-----w- c:\windows\system32\Data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 02:53 . 2009-10-24 07:24 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\uTorrent
2010-05-15 02:30 . 2008-11-09 14:21 66309 ----a-w- c:\programdata\nvModes.dat
2010-05-14 05:35 . 2009-03-26 00:03 -------- d-----w- c:\program files\Google
2010-05-12 21:15 . 2010-03-22 23:44 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\vlc
2010-05-12 20:09 . 2009-11-11 01:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 20:01 . 2008-11-09 02:39 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\Orbit
2010-05-12 07:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 07:09 . 2008-08-04 18:13 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 04:32 . 2010-05-12 04:32 52224 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-12 04:31 . 2010-05-12 04:31 117760 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-11 00:17 . 2010-05-11 00:17 388096 ----a-r- c:\users\The Matrix Gang\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-10 17:14 . 2008-11-11 03:15 -------- d-----w- c:\users\System Works\AppData\Roaming\Orbit
2010-05-10 16:04 . 2009-06-12 23:15 -------- d-----w- c:\program files\Revo Uninstaller
2010-05-10 12:29 . 2009-04-24 23:01 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\FileZilla
2010-05-10 03:06 . 2008-11-09 02:39 -------- d-----w- c:\program files\Orbitdownloader
2010-05-06 14:36 . 2009-10-02 18:09 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 06:02 . 2010-05-04 06:02 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-04 06:00 . 2010-05-04 06:00 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-04 06:00 . 2010-05-04 06:00 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-05-04 06:00 . 2010-05-04 06:00 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-04 06:00 . 2010-05-04 06:00 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-05-04 05:59 . 2010-05-04 05:59 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-05-04 05:58 . 2010-05-04 05:58 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-04 05:58 . 2010-05-04 05:58 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-04 05:58 . 2010-05-04 05:58 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-04 05:58 . 2010-05-04 05:58 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-04 05:58 . 2010-05-04 05:58 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-04 05:56 . 2010-05-04 06:00 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-04 05:15 . 2010-05-04 06:00 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-19 03:29 . 2009-08-11 02:13 -------- d-----w- c:\program files\FormatFactory
2010-04-15 12:41 . 2008-11-10 15:13 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\U3
2010-04-07 13:42 . 2010-04-06 01:09 -------- d-----w- c:\program files\AP Tuner
2010-04-06 09:12 . 2010-04-16 16:02 114360 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2010-04-06 08:42 . 2010-04-06 08:42 -------- d-----w- c:\users\System Works\AppData\Roaming\Design Science
2010-04-06 02:44 . 2010-04-06 02:44 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\Overloud
2010-04-04 01:18 . 2010-04-04 01:18 1925088 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-04-03 22:45 . 2008-08-04 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-03 14:43 . 2009-10-24 07:25 -------- d-----w- c:\program files\uTorrent
2010-03-29 18:26 . 2008-08-04 18:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-29 16:55 . 2008-11-11 02:31 112872 ----a-w- c:\users\System Works\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-28 01:38 . 2010-03-28 01:38 -------- d-----w- c:\program files\XeroCreative
2010-03-27 22:01 . 2008-11-07 22:09 112872 ----a-w- c:\users\The Matrix Gang\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-27 21:58 . 2010-03-27 21:58 -------- d-----w- c:\program files\MathType
2010-03-27 20:45 . 2010-03-27 20:45 -------- d-----w- c:\program files\IZArc
2010-03-27 19:51 . 2009-10-14 07:27 -------- d-----w- c:\program files\CCleaner
2010-03-27 18:34 . 2010-03-27 18:30 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-27 18:30 . 2010-03-27 18:30 -------- d-----w- c:\users\The Matrix Gang\AppData\Roaming\SystemRequirementsLab
2010-03-27 18:30 . 2010-03-27 18:30 290816 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-27 18:30 . 2010-03-27 18:30 290816 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-27 18:30 . 2010-03-27 18:30 290816 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-27 18:30 . 2010-03-27 18:30 290816 ----a-w- c:\users\The Matrix Gang\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-27 17:57 . 2008-09-24 22:07 -------- d-----w- c:\programdata\NVIDIA
2010-03-22 23:43 . 2008-11-14 01:43 -------- d-----w- c:\program files\VLC
2010-03-22 23:12 . 2009-07-15 16:23 -------- d-----w- c:\program files\FileZilla FTP Client
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-05 14:01 . 2010-04-14 10:25 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 11:10 . 2010-04-14 10:25 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 10:25 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 10:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-04-03 23:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-03 23:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-03 23:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-03 23:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 02:48 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 02:47 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 02:47 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-18 14:07 . 2010-04-14 10:26 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 10:25 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:07 . 2010-04-14 10:25 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 13:30 . 2010-04-14 10:26 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 10:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2008-08-04 15:03 . 2008-08-04 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-10 321328]
"Google Update"="c:\users\The Matrix Gang\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-03-26 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-17 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-11 149280]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

c:\users\System Works\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
taskmgr_min startup.lnk - c:\windows\System32\taskmgr.exe [2008-1-20 163840]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2008-11-10 3656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d9,4b,11,61,34,46,ca,01

R2 gupdate1c9ada66d91c090;Google Update Service (gupdate1c9ada66d91c090);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
R2 SynchronizationService.exe;Synchronization Service;c:\program files\COMODO\COMODO BackUp\SynchronizationService.exe [2009-08-27 232448]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 LLRING0;LLRING0;c:\users\The Matrix Gang\Downloads\Champs stuff\MU stuff\fortressmu 2010 muguard\MuGuard\llck2.sys [2010-04-26 4096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-12 12872]
R3 THZWPEPDF;THZWPEPDF;c:\users\THEMAT~1\AppData\Local\Temp\THZWPEPDF.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-11 721904]
S0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\system32\drivers\bdisk.sys [2009-08-27 110624]
S0 CBUfs;CBUfs;c:\windows\system32\DRIVERS\CBUFS.sys [2009-08-27 107040]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-12-17 128376]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-12-17 29520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-12 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-12 68168]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 00:03]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 00:03]

2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1015409599-2479617579-3599464290-1000Core.job
- c:\users\The Matrix Gang\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-26 12:50]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1015409599-2479617579-3599464290-1000UA.job
- c:\users\The Matrix Gang\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-26 12:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: c:\users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\users\The Matrix Gang\AppData\Roaming\Mozilla\Firefox\Profiles\lqsvmaa8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\VLC\npvlc.dll
FF - plugin: c:\users\The Matrix Gang\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\The Matrix Gang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

AddRemove-VBS1 - c:\program files\Codemasters\UnInstallVBS1.exe
AddRemove-2speced 10.6 client - k:\runescape stuff\Clients\2Specd\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 22:59
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,c2,39,df,f1,a8,5c,45,bb,dd,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,c2,39,df,f1,a8,5c,45,bb,dd,cb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\guard32.dll
.
Completion time: 2010-05-14 23:08:20
ComboFix-quarantined-files.txt 2010-05-15 03:08
ComboFix2.txt 2009-10-22 00:17
ComboFix3.txt 2009-10-21 03:03
ComboFix4.txt 2009-10-21 00:54
ComboFix5.txt 2010-05-15 02:32

Pre-Run: 22,591,619,072 bytes free
Post-Run: 25,026,146,304 bytes free

- - End Of File - - 42C887A21F77072A67D416ADA379D3FC


#11 myrti

Posted 15 May 2010 - 08:48 AM

Hi,

QUOTE
There are some hidden files on my desktop (two desktop.ini files and two word files in the form of ~$name.doc), but like I said not any worse than before

ComboFix unhides hidden files; we will rehide them in the end and they will become invisible again. The desktop.ini files hold your settings for the Desktop folder and the ~$...doc files are automatic backups made by MS Office while you were editing the document. This is nothing to be worried about.

QUOTE
I signed up for bleepingcomputer.com when I was down in Texas (CST), but as I am now back home on the east coast (EST), how do I change my time zone???

Click on My Controls at the top and scroll down to Options and click on Board Settings, you should then see the option to change your time settings.

QUOTE
can hook up with you anytime between 8pm (20:00) EST and 4am (4:00) EST.

I'm not really online on a schedule. But I often am online until 2 or 3 am, which should be 8-9pm EST. We could try for this tonight, if you wish.

And I'll shout if I don't get your gibberish. ;)

So far the logs are looking good. Could you please run a scan with sfc and chkdsk next? Let me know if this improves the behaviour of your PC further.

Please run a system file check.

Click Start > All Programs > Accessories then right-click Command Prompt and then click Run as Administrator. Then type in this command

sfc /scannow

Make sure to include the space between the first "c" and the "/".

This will run the System File checker and it will scan for corrupt or missing files. It may prompt you to insert the CD if it needs to obtain files.

Please post back when it has finished letting me know what it has reported.

Please also Run Chkdsk
Running chkdsk may take some time to complete. Please be patient and do not use the computer, press any keys, or try to stop the chkdsk scan once it has started.
  • Right-click the Start button and select Explore
  • Navigate to your C: Drive, then right-click the drive and select Properties
  • In the Properties window that pops-up, click the Tools tab and then click on the button that says Check Now
  • If the User Account Control window pops-up asking for permission to run Check Disk, please click on Continue
  • In the Check Disk Options window that pops-up, place a check-mark in both boxes:
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  • Now click on Start.
  • A new window will pop-up saying, Windows can't check the disk while it's in use, click schedule disk check
  • Now shut-down your computer, not restart, and then turn on your computer.
  • When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
  • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.

Let me know if this improves the behaviour of your PC.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#12 bobpsmith

Posted 19 May 2010 - 06:11 AM

OK here goes, results are as follows:


#13 myrti

Posted 19 May 2010 - 10:06 AM

Hi,

you seem to have forgotten to include the results. ;)



#14 bobpsmith

Posted 19 May 2010 - 11:16 PM

OK, so that didn't work out too well at all! I ran the sfc /scannow scan that you asked for and this is what happened (for real):

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. for example
......

That is what the screen looked like when it finished. I would give you the CBS.log file, but it is 13.1MB, MEGA bytes!!!

I will hold off on running checkdisk till you can make heads or tails out of how badly I messed up this time.

Eternally grateful,
Rob


#15 myrti

Posted 20 May 2010 - 04:41 AM

Hi,

you can extract the "relevant" info from the CBS log as follows:

  • Click Start, type cmd in the Start Search box, right-click cmd in the Programs list, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
  • In the window that opens type the following command, and then press ENTER:
    cd /d "%userprofile%\Desktop"
  • In the next line type:
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt
  • A file called sfcdetails.txt should appear on your Desktop. Attach it to your next reply, please.

I am more interested though in knowing how your PC is doing now.

regards myrti
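
Added example, not part of the original post: once the [SR] lines are extracted as described above, a short script can reduce them to the files SFC reported it could not repair. The log lines are constructed in the CBS.log layout (not the poster's log), and the names `sr_lines`, `unrepaired` and `report` are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the CBS.log layout (not the poster's actual log).
SAMPLE_LOG = '''\
2010-05-19 22:10:01, Info                  CBS    Session initialized by client (constructed line)
2010-05-19 22:10:05, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2010-05-19 22:10:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2010-05-19 22:10:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.0.0, Culture neutral, file is missing
2010-05-19 22:10:11, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.0.0, Culture neutral, file is missing
2010-05-19 22:10:12, Info                  CSI    0000000c [SR] Cannot repair member file [l:20{10}]"sample.ini" of Sample-Component, Version = 6.0.0.0, Culture neutral, hash mismatch
2010-05-19 22:10:15, Info                  CSI    0000000e [SR] Verify complete
'''

# File name and owning component of an entry SFC could not repair.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)"'
    r' of (?P<component>[^,]+),'
)


def sr_lines(text):
    """Same selection as findstr /c:"[SR]": lines containing the literal tag."""
    return [line for line in text.splitlines() if "[SR]" in line]


def unrepaired(text):
    """Count 'Cannot repair' entries per (file, component, reason)."""
    hits = Counter()
    for line in sr_lines(text):
        m = CANNOT_REPAIR.search(line)
        if m:
            # The reason is the last comma-separated clause of the entry.
            reason = line.rsplit(", ", 1)[-1].strip()
            hits[(m["file"], m["component"], reason)] += 1
    return hits


def report(text):
    """One line per distinct unrepaired file, with how often it was logged."""
    rows = unrepaired(text)
    return [f"{f} ({c}): {r} x{n}" for (f, c, r), n in sorted(rows.items())]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)) or "no unrepaired files logged")
```

To use it on a real machine, read sfcdetails.txt (or CBS.log itself) into a string and pass it to `report`.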
