Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    New AI Algorithm Can Fix Grainy Images Without Looking at Clean Photos

Featured Deal: Deal for 77% off a NordVPN 3 Year VPN Subscription

Photo

Suffering Browser redirects.

Started by busco262 , Jul 10 2010 09:52 AM

  • This topic is locked This topic is locked
23 replies to this topic

#1 busco262

busco262

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 10 July 2010 - 09:52 AM

Hello,

I have been noticing that my browser is being redirected randomly. I have run Spybot S&D and Malwarebytes to remove, but the issue still remains. I have attached my HijackThis log below.


Please help!!!

++++++++++++++++++++++++++++

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:11 AM, on 7/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.31/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.07/uploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Google Update Service (gupdate1ca19028c51cfa2) (gupdate1ca19028c51cfa2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11892 bytes

BC AdBot (Login to Remove)

 

#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:05 PM

Posted 13 July 2010 - 03:00 AM

Hello, busco262.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#3 busco262

busco262
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 13 July 2010 - 06:54 PM

Hi aommaster,

Here is the content of log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Morris at 2010-07-13 16:45:19
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (6%) free of 153 GB
Total RAM: 2045 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:46:04 PM, on 7/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Morris\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Morris.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.31/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/52.07/uploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Google Update Service (gupdate1ca19028c51cfa2) (gupdate1ca19028c51cfa2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11585 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F8D322F4-2C86-4F27-93BD-8A8E930432AF}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-08-09 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-25 13570048]
"nwiz"=nwiz.exe /install []
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-06-07 9129984]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"COMODO Firewall Pro"=C:\Program Files\Comodo\Firewall\cfp.exe -h []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-01 2039240]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-07-25 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-09 39408]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GroupManager]
C:\Program Files\BlogFarmGenerator\groupmanager.exe [2009-03-09 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
C:\WINDOWS\system32\LogonDll.dll [2008-10-02 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
ksyl32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108799
"NoDriveTypeAutoRun"=251
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Avant Browser\avant.exe"="C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser"
"C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe"="C:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe"="C:\Program Files\Yahoo! Games\Scrabble\Scrabble.exe:*:Enabled:SCRABBLE ®"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Boson Software\Boson NetSim for CCNP\Boson_NetSim.exe"="C:\Program Files\Boson Software\Boson NetSim for CCNP\Boson_NetSim.exe:*:Disabled:Boson NetSim"
"C:\Program Files\Tftpd32\tftpd32.exe"="C:\Program Files\Tftpd32\tftpd32.exe:*:Enabled:TFTP server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-07-13 16:45:19 ----D---- C:\rsit
2010-07-10 06:19:58 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-10 06:19:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-10 06:19:50 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-02 19:27:28 ----HDC---- C:\WINDOWS\ie8
2010-06-29 00:10:44 ----D---- C:\Fraps
2010-06-28 23:54:37 ----D---- C:\WINDOWS\system32\AGEIA
2010-06-28 23:54:33 ----D---- C:\Program Files\AGEIA Technologies
2010-06-28 23:53:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-28 23:49:51 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-06-26 09:55:53 ----HD---- C:\VritualRoot
2010-06-26 08:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\COMODO
2010-06-26 08:51:26 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo Downloader

======List of files/folders modified in the last 1 months======

2010-07-13 16:01:06 ----D---- C:\WINDOWS\TEMP
2010-07-13 14:57:21 ----SD---- C:\WINDOWS\Tasks
2010-07-13 13:07:01 ----D---- C:\WINDOWS\system32
2010-07-12 14:44:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-11 23:51:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-11 20:17:29 ----SHD---- C:\WINDOWS\CSC
2010-07-10 21:59:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-10 07:38:55 ----SHD---- C:\WINDOWS\Installer
2010-07-10 07:38:55 ----SHD---- C:\Config.Msi
2010-07-10 06:19:58 ----D---- C:\WINDOWS\system32\drivers
2010-07-10 06:19:50 ----RD---- C:\Program Files
2010-07-09 20:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-07-09 20:48:03 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-07-09 06:05:44 ----D---- C:\Documents and Settings\Morris\Application Data\uTorrent
2010-07-07 06:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2010-07-05 16:11:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-05 10:54:21 ----D---- C:\Program Files\Yahoo!
2010-07-03 15:02:31 ----D---- C:\WINDOWS\Prefetch
2010-07-02 19:35:06 ----D---- C:\WINDOWS
2010-07-02 19:32:27 ----D---- C:\WINDOWS\system32\en-US
2010-07-02 19:32:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-02 19:32:26 ----HD---- C:\WINDOWS\inf
2010-07-02 19:32:26 ----D---- C:\WINDOWS\Media
2010-07-02 19:32:26 ----D---- C:\WINDOWS\Help
2010-07-02 19:32:26 ----D---- C:\Program Files\Internet Explorer
2010-07-02 19:31:05 ----HD---- C:\WINDOWS\msdownld.tmp
2010-07-02 19:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-07-02 06:30:44 ----D---- C:\WINDOWS\ie8updates
2010-07-02 06:12:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-07-01 17:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-07-01 17:24:27 ----A---- C:\WINDOWS\Sandboxie.ini
2010-06-29 00:11:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-28 23:56:25 ----D---- C:\WINDOWS\nview
2010-06-28 23:55:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-28 23:53:35 ----D---- C:\Program Files\Common Files
2010-06-28 06:12:09 ----D---- C:\Program Files\Mozilla Firefox
2010-06-27 23:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-06-27 23:01:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-06-27 23:00:56 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-27 23:00:17 ----D---- C:\Program Files\Yahoo! Games
2010-06-27 22:58:40 ----D---- C:\Documents and Settings\All Users\Application Data\Tablet
2010-06-27 22:57:52 ----D---- C:\Program Files\PeerGuardian2
2010-06-27 22:57:20 ----D---- C:\Documents and Settings\Morris\Application Data\Move Networks
2010-06-27 22:55:31 ----SD---- C:\Documents and Settings\Morris\Application Data\Microsoft
2010-06-27 22:53:23 ----D---- C:\Program Files\Microsoft ActiveSync
2010-06-27 22:51:53 ----RSD---- C:\WINDOWS\Fonts
2010-06-27 22:51:53 ----D---- C:\Program Files\HyperTerminal
2010-06-27 12:28:48 ----A---- C:\WINDOWS\win.ini
2010-06-27 12:27:12 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2010-06-26 08:57:07 ----D---- C:\Program Files\Comodo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DeepFrz;DeepFrz; C:\WINDOWS\system32\drivers\DeepFrz.sys [2008-10-02 134800]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-06-01 87824]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2010-06-01 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-11-20 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2010-01-30 223440]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-02-28 180736]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-11-20 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS; C:\WINDOWS\system32\DRIVERS\IAMTXP.sys [2005-03-09 38528]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-11-20 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-25 6097536]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-09-11 20608]
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090325.002\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090325.002\NAVEX15.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vhidmini;Root Enumerated Hid Device; C:\WINDOWS\system32\DRIVERS\walvhid.sys [2007-11-16 5504]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-01 1778480]
R2 DF5Serv;DF5Serv; C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe [2008-10-02 431616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-25 159812]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-05-28 53760]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1ca19028c51cfa2;Google Update Service (gupdate1ca19028c51cfa2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-09 190448]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2006-09-16 71184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]

-----------------EOF-----------------


+++++++++++++++

Content of info.txt;

+++++++++++++++++++info.txt logfile of random's system information tool 1.08 2010-07-13 16:46:13

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avant Browser (remove only)-->"C:\Program Files\Avant Browser\uninst.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Caillou Ready To Read-->C:\PROGRA~1\BRIGHT~1\CAILLO~1\UNWISE.EXE C:\PROGRA~1\BRIGHT~1\CAILLO~1\INSTALL.LOG
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
COMODO Internet Security-->MsiExec.exe /I{CC6B1BB4-4E06-4A5B-A166-B371B551324B}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" -l0x9 UNINSTALL
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
Fraps-->"C:\Fraps\uninstall.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.99\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel® PRO Network Connections Software v10.0.17.0-->C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qf /le C:\DOCUME~1\Morris\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 1.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {519D9F45-CBF4-4E57-B419-11F196CCA8AE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero 7 Premium-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.07.18-->MsiExec.exe /X{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Wizard 2008.1.84-->"C:\Program Files\PC Wizard 2008\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickBooks Premier: Accountant Edition 2007-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="accountant" QBFULLNAME="QuickBooks Premier: Accountant Edition 2007" ADDREMOVE=1
QuickBooks Product Listing Service-->MsiExec.exe /I{55584E16-4D70-44EE-93DD-F144E8B7D4B7}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Sandboxie 3.38-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio 2007 (KB982127)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA3200A8-BD90-4763-B7D0-27DFBFB8DD71}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Tera Term 4.62-->"C:\Program Files\teraterm\unins000.exe"
Tftpd32 Standalone Edition (remove only)-->"C:\Program Files\Tftpd32\uninstall.exe"
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb983486)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {913DFE19-32EC-4099-89AC-27FC493A7A2E}
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Window Washer-->C:\WINDOWS\Unwash6.exe
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\mbtmdm_B08520DA75F32B2F150F141FB0198C4ACABCC886\mbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor-->MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

======Hosts File======

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: COMODO Antivirus
FW: COMODO Firewall

======System event log======

Computer Name: VANNESS1
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 158293
Source Name: DCOM
Time Written: 20100706171036.000000-420
Event Type: error
User: VANNESS1\Morris

Computer Name: VANNESS1
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 158292
Source Name: DCOM
Time Written: 20100706171016.000000-420
Event Type: error
User: VANNESS1\Morris

Computer Name: VANNESS1
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 158291
Source Name: DCOM
Time Written: 20100706170956.000000-420
Event Type: error
User: VANNESS1\Morris

Computer Name: VANNESS1
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 158290
Source Name: DCOM
Time Written: 20100706165936.000000-420
Event Type: error
User: VANNESS1\Morris

Computer Name: VANNESS1
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service NMIndexingService with arguments ""
in order to run the server:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 158289
Source Name: DCOM
Time Written: 20100706164916.000000-420
Event Type: error
User: VANNESS1\Morris

=====Application event log=====

Computer Name: VANNESS1
Event Code: 1
Message:
Record Number: 18431
Source Name: nview_info
Time Written: 20100701125419.000000-420
Event Type: error
User:

Computer Name: VANNESS1
Event Code: 1
Message:
Record Number: 18430
Source Name: nview_info
Time Written: 20100701125419.000000-420
Event Type: error
User:

Computer Name: VANNESS1
Event Code: 1
Message:
Record Number: 18429
Source Name: nview_info
Time Written: 20100701125419.000000-420
Event Type: error
User:

Computer Name: VANNESS1
Event Code: 1
Message:
Record Number: 18428
Source Name: nview_info
Time Written: 20100701125419.000000-420
Event Type: error
User:

Computer Name: VANNESS1
Event Code: 1
Message:
Record Number: 18427
Source Name: nview_info
Time Written: 20100701125419.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Please let me know if you need anything else and thanks for the assistance. I will be posting the GMER results log in my next reply.


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:05 PM

Posted 13 July 2010 - 07:19 PM

Hi!

Glad to help smile.gif

I'll wait for the GMER log.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#5 busco262

busco262
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 13 July 2010 - 10:02 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-13 19:44:53
Windows 5.1.2600 Service Pack 2
Running: rvx7vrig.exe; Driver: C:\DOCUME~1\Morris\LOCALS~1\Temp\uwloypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA56D1694]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA56D0C38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA56D12FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xA56D1EE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA56D0B14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA56D3DE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA56D41B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xA56D04FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xA56D1880]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xA56D1A74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA56D02EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA56D260A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA56D2864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA56D39DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA56D0ED4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA56D14D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xA56D1ED8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xA56CFF28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA56D1184]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xA56D011E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA56D2A80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA56D2EFE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA56D2CA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xA56D2422]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA56D3472]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA56D3726]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA56D1CB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA56D3BD6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xA56D21AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA56D0E6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA56D1070]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xA56D0912]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA56D06FC]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C6C 805044D8 4 Bytes CALL 04F5B1FB
.rsrc C:\WINDOWS\system32\drivers\dmload.sys entry point in ".rsrc" section [0xBA5AD114]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB918C360, 0x32598D, 0xE8000020]
.text win32k.sys!EngLockSurface + 3927 BF833D97 5 Bytes JMP 88E39610

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CreateThread + 1A 7C8106A1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] advapi32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] advapi32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] advapi32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] advapi32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] advapi32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] advapi32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] wininet.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] wininet.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[172] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[328] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[528] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[552] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[720] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[756] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[824] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[836] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012]

kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1264] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0080000C
.text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0

#6 busco262

busco262
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 13 July 2010 - 10:06 PM

kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe[1012] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieSvc.exe[1016] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[1024] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1156] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1264] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0080000C
.text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1292] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1588] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1724] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0

C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1912] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1948] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[1976] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\cisvc.exe[2028] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[2064] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CreateThread + 1A 7C8106A1 4 Bytes CALL 0008F31D C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] advapi32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] advapi32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] advapi32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] advapi32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] advapi32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] advapi32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] wininet.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] wininet.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Webroot\Washer\wwDisp.exe[2564] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Sandboxie\SbieCtrl.exe[2596] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CA000A
.text C:\WINDOWS\Explorer.EXE[2600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\Explorer.EXE[2600] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C9000C
.text C:\WINDOWS\Explorer.EXE[2600] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2600] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80

C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] shell32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] shell32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] shell32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] shell32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] wininet.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2880] wininet.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[3032] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!SetUnhandledExceptionFilter 7C844915 5 Bytes JMP 32605164 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] ole32.dll!OleLoadFromStream 77529CC5 5 Bytes JMP 330B9D32 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] SHELL32.DLL!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] SHELL32.DLL!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] SHELL32.DLL!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3308] SHELL32.DLL!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Morris\Desktop\rvx7vrig.exe[3344] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[3432] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3480] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RUNDLL32.EXE[3556] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3672] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] user32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] SHELL32.DLL!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] SHELL32.DLL!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] SHELL32.DLL!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] SHELL32.DLL!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] OLE32.DLL!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] OLE32.DLL!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe[3696] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3976] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 2 Bytes JMP 006ECF90 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3976] ntdll.dll!NtAllocateVirtualMemory + 3 7C90CF71 2 Bytes [DE, 83]
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[4008] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[4016] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\PowerISO\PWRISOVM.EXE[4048] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!GetProcAddress 7C80ADF0 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!LoadLibraryW 7C80AE9B 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!GetModuleHandleA 7C80B6F1 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!GetModuleHandleW 7C80E48D 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CreateFileW 7C8107B0 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!MoveFileWithProgressW 7C81F6DE 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!MoveFileW 7C821211 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!OpenFile 7C821932 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CopyFileExW 7C827AE2 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CopyFileA 7C82869E 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CopyFileW 7C82F82B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!DeleteFileA 7C831E8D 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!DeleteFileW 7C831F13 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!MoveFileExW 7C83563B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!MoveFileA 7C835E6F 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!MoveFileWithProgressA 7C835E8E 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!MoveFileExA 7C85E333 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!CopyFileExA 7C85F234 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!WinExec 7C8622B5 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] kernel32.dll!LoadModule 7C8623C6 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] USER32.dll!EndTask 7E459FF5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ADVAPI32.dll!CreateProcessAsUserW 77DEA8B1 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ADVAPI32.dll!CreateProcessAsUserA 77E10C08 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] ole32.dll!CoGetClassObject 775156ED 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] SHELL32.dll!ShellExecuteExW 7CA025D3 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] SHELL32.dll!ShellExecuteEx 7CA40E95 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] SHELL32.dll!ShellExecuteA 7CA411C0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] SHELL32.dll!ShellExecuteW 7CAB59D0 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] WININET.dll!InternetConnectA 63019446 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\rundll32.exe[4060] WININET.dll!InternetConnectW 6301F4E2 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 39
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 36

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\dmload.sys suspicious modification

---- EOF - GMER 1.0.15 ----

So Sorry for the long replies. My computer was acting up and kept popping an error...

#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:05 PM

Posted 13 July 2010 - 10:12 PM

Hello, busco262.
No need to apologize smile.gif


Backdoor warning!

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In most cases, a reformat and clean install of the Operating System is the best solution for your (and probably other's) safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?


Again, if you would like me to attempt to clean it, I will be happy to do so. But if you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful. Should you have any questions, please feel free to ask.

Please let me know what you decide to do. If you decide to continue with the fix, please proceed with the steps below.



We need to disable TeaTimer
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. ClickMode and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press yes
  5. Click on Tools
  6. Click on Resident
  7. Uncheck the following checkboxes:
    • Resident "SDHelper" (Internet Explorer bad download blocker) active.
    • Resident "TeaTimer" (Protection for over-all system settings) active.
  8. Close/Exit Spybot Search and Destroy


NEXT:

We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper

In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#8 busco262

busco262
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 14 July 2010 - 07:11 PM

Hi

I have decided to proceed with the cleaning process. I have disabled TeaTimer, downloaded ComboFix and saved ComboFix.exe to my desktop. However, when I tried to run it, I had an error shown in the attached image. Have I done something wrong?

Please let me know how to proceed.

Thanks

Attached Files


#9 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:05 PM

Posted 14 July 2010 - 08:08 PM

Hi!

Try running combofix from safe mode. Does that allow it to run?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#10 busco262

busco262
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 14 July 2010 - 10:11 PM

Hi,

ComboFix was allowed to run is safe mode. It restarted once (maybe twice) and generated the log below:

++++++++++++++

ComboFix 10-07-14.01 - Morris 07/14/2010 19:35:23.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1601 [GMT -7:00]
Running from: c:\documents and settings\Morris\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Morris\Local Settings\Application Data\Windows Server
c:\windows\system32\BSTIeprintctl1.dll
H:\Autorun.inf
H:\install.exe

Infected copy of c:\windows\system32\drivers\dmload.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-13 23:45 . 2010-07-13 23:46 -------- d-----w- C:\rsit
2010-07-10 14:38 . 2010-07-10 14:38 388096 ----a-r- c:\documents and settings\Morris\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-10 13:19 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-10 13:19 . 2010-07-10 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-10 13:19 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 04:23 . 2010-07-09 04:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-05 14:52 . 2010-07-09 04:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-03 02:27 . 2010-07-03 02:30 -------- dc-h--w- c:\windows\ie8
2010-06-29 07:10 . 2010-06-29 07:10 -------- d-----w- C:\Fraps
2010-06-29 06:54 . 2010-06-29 06:54 -------- d-----w- c:\windows\system32\AGEIA
2010-06-29 06:54 . 2010-06-29 06:54 -------- d-----w- c:\program files\AGEIA Technologies
2010-06-29 06:53 . 2010-06-29 06:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-29 06:49 . 2008-07-23 22:24 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-26 16:55 . 2010-06-26 16:55 -------- d-----w- C:\VritualRoot
2010-06-26 15:59 . 2010-06-26 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-06-26 15:51 . 2010-06-26 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-23 19:44 . 2010-07-04 14:32 -------- d-----w- c:\documents and settings\Morris\Local Settings\Application Data\higynoubn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 02:55 . 2009-05-15 13:30 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-07-13 20:07 . 2008-01-03 01:34 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-11 04:59 . 2008-04-27 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-09 13:05 . 2008-01-03 18:10 -------- d-----w- c:\documents and settings\Morris\Application Data\uTorrent
2010-07-05 17:54 . 2008-03-18 18:27 -------- d-----w- c:\program files\Yahoo!
2010-07-03 02:30 . 2008-03-18 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-29 07:11 . 2008-12-26 00:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-28 06:00 . 2009-03-31 23:46 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-28 06:00 . 2008-03-25 04:05 -------- d-----w- c:\program files\Yahoo! Games
2010-06-28 05:58 . 2008-09-25 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Tablet
2010-06-28 05:57 . 2010-03-27 08:08 -------- d-----w- c:\program files\PeerGuardian2
2010-06-28 05:57 . 2009-04-03 19:47 -------- d-----w- c:\documents and settings\Morris\Application Data\Move Networks
2010-06-28 05:53 . 2008-01-04 03:05 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-06-28 05:51 . 2009-05-28 20:29 -------- d-----w- c:\program files\HyperTerminal
2010-06-26 15:57 . 2008-04-28 03:04 -------- d-----w- c:\program files\Comodo
2010-06-13 22:14 . 2008-12-01 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-13 20:54 . 2008-08-23 14:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-12 08:55 . 2010-06-12 08:55 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_SuperCollapse3\IAF.dll
2010-06-12 08:55 . 2010-06-12 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-06-04 18:55 . 2010-06-04 18:55 229312 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 02:00 . 2010-06-02 02:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-02 02:00 . 2010-06-02 02:00 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-02 02:00 . 2010-06-02 02:00 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-02 02:00 . 2010-06-02 02:00 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-23 05:27 . 2008-05-04 19:43 -------- d-----w- c:\program files\PC Wizard 2008
2010-05-22 06:24 . 2010-05-22 06:24 1063320 ----a-w- c:\documents and settings\Morris\gotomypc_533.exe
2010-05-22 00:29 . 2008-01-16 02:55 8 ----a-w- c:\windows\system32\nvModes.dat
2010-05-02 07:09 . 2009-01-17 20:06 1859968 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2004-08-03 23:56 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
"nwiz"="nwiz.exe" [2008-07-26 1657376]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-06-08 9129984]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 2039240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-1-3 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2008-10-02 13:24 65536 ----a-w- c:\windows\system32\LogonDll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GroupManager]
2009-03-10 05:46 32256 ----a-w- c:\program files\BlogFarmGenerator\groupmanager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 12:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2008-12-03 06:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo! Games\\Scrabble\\Scrabble.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [10/2/2008 6:27 AM 134800]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [6/1/2010 7:00 PM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/4/2010 11:55 AM 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/1/2010 7:00 PM 25240]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/3/2008 1:23 PM 598856]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [1/2/2008 6:55 PM 38528]
S2 gupdate1ca19028c51cfa2;Google Update Service (gupdate1ca19028c51cfa2);c:\program files\Google\Update\GoogleUpdate.exe [8/9/2009 8:03 AM 133104]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/29/2009 8:06 PM 36608]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-22 15:01]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 15:03]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-09 15:03]

2010-07-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]

2010-07-14 c:\windows\Tasks\User_Feed_Synchronization-{F8D322F4-2C86-4F27-93BD-8A8E930432AF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.31/uploader2.cab
FF - ProfilePath - c:\documents and settings\Morris\Application Data\Mozilla\Firefox\Profiles\o5c3r2vp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-COMODO Firewall Pro - c:\program files\Comodo\Firewall\cfp.exe
Notify-dimsntfy - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 19:57
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\LogonDll.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\nview.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\WgaTray.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-07-14 20:05:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-15 03:05
ComboFix2.txt 2008-04-29 12:30

Pre-Run: 9,088,282,624 bytes free
Post-Run: 9,560,866,816 bytes free

- - End Of File - - 127BBE42064513972F12FE148FCAA880
++++++++++++

Thank you.

Busco262

#11 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:05 PM

Posted 15 July 2010 - 12:41 AM

Hello, busco262.
Glad to hear! smile.gif

How's your computer doing? Are you still experiencing problems? If not, please proceed with the below
We need to run Flash Disinfector
  1. Download Flash_Disinfector and save it to your desktop.
  2. Double-click on Flash_Disinfector.exe to run it and follow the prompts.
  3. Wait until it has finished scanning and then exit the program.
  4. The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone, mp3 player, and so on,
  5. Please do so and allow the utility to clean up those drives as well.

NEXT:

We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 21 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java versions.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run an ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the Eset Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use"
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "< button.
  13. Push Finish

In your next reply, please include the following:
  • Eset Scan Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:05 PM

Posted 18 July 2010 - 12:41 AM

Hello busco262
Are you still with us?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

#13 busco262

busco262
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 18 July 2010 - 09:44 AM

Hi

I had to run Flash Disinfector in Safe Mode. Below is the ESET Scan log.

++++++++

H:\Downloads\Windows XP Professional 32-bit en-US - Black Edition v2010.2.11.iso Win32/Adware.ADON application deleted - quarantined

+++++++++

Thanks

#14 busco262

busco262
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:05:05 AM

Posted 18 July 2010 - 09:47 AM

BTW. I believe the ESET Scan stalled. I left it running and went to bed last night and when I got up this morning it had been running for over 10 hours and was still at 99% , so I stopped it. I will rerun again to see if it does the same thing.

Thanks

#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Dubai
  • Local time:05:05 PM

Posted 18 July 2010 - 12:27 PM

Okay, no problem smile.gif

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM

Back to Virus, Trojan, Spyware, and Malware Removal Assistance


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Assistance
  4. Privacy Policy
  5. Rules ·