Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware or virus -


  • This topic is locked This topic is locked
17 replies to this topic

#1 KelM

KelM

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 23 July 2010 - 11:23 AM

I have had an ongoing problem. I contracted a fake.av trojan virus somehow. A local tech guy told me to remove Norton NIS b/c it is no good. He instructed me to then get Super Anti Spyware, Malwarebytes, and Avast freeware. upon scanning with those, trojan viruses were detected and quarantined. I got most of my application use back, but I still have an issue w/popups and when I google and click on a link, either a popup comes up or goes to some random website. especially does this w/google toolbar. I also found out that I was left w/out a firewall and never heard back from the tech guy, so I went to the same websites he told me about - eicar.org, gizmos and file hippo and after some research of reviews, downloaded Comodo freeware to act as my firewall. Did I do the right thing getting rid of NIS and going w/Super Antispyware, Malwarebytes, Avast and Comodo? Also, how can I get rid of whatever is hijacking my internet searches and popups coming up? and how do I know if I have any harmful keyloggers, etc? I am still terrified to use my computer to do online banking, etc. and I really need to be able to do these things. I am not sure I will ever be convinced that it will be safe to do these activities ever again : ( I feel so violated!!!
I have run every kind of scan w/all 3 of those freeware programs, quick, full system, etc. and even a pre-boot scan w/Avast 2x - first time it found and moved to chest a "fake UPS invoice" email and "fake itunes gift card" email and some "fake facebook password" email from my Outlook deleted items box - these apparently contained some kind of Win32:Trojan.gen. After that, all pre-boot Avast scans found no infected items - just a corrupted file for some Adobe Updater 5 Install and 2 decompression bombs related to Comodo downloader files.
Any help anyone could give to get my computer back to normal and where I can trust it to do my banking, etc., I would be eternally grateful.
Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:30 AM, on 7/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kelly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: KX-P7305 and KX-P7310 Status Display.lnk = C:\Program Files\Panasonic\Panasonic KX-P7305 and KX-P7310\Status Display\stmndsp.exe
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KME Remote Server - Panasonic Communications Co.,Ltd. - C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 10539 bytes

BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 31 July 2010 - 07:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 05 August 2010 - 06:37 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:01 PM

Posted 11 August 2010 - 08:55 AM

Reopened at OP's request. Please follow the instructions above.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 04:49 PM

sorry. whew. those scans took a while. below please find the OTL scan and the GMER scan

OTL scan (there were 2 - one scan and then one called "extras" popped up)

OTL logfile created on: 8/12/2010 2:30:45 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Kelly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 60.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 38.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.97 Gb Free Space | 71.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 74.53 Gb Total Space | 67.49 Gb Free Space | 90.56% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ACCOUNTING
Current User Name: Kelly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/12 13:45:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/06/01 19:00:40 | 002,039,240 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/02/07 21:58:38 | 000,411,112 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndassvc.exe
PRC - [2009/02/07 21:58:38 | 000,341,480 | ---- | M] (XIMETA, Inc.) -- C:\Program Files\NDAS\System\ndasmgmt.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/01 09:45:27 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/26 07:29:30 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/02/28 16:45:22 | 000,507,904 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/04/06 17:52:08 | 000,237,568 | ---- | M] (Delta) -- C:\Program Files\Belkin Bulldog Plus\upsd.exe
PRC - [2003/10/31 10:21:42 | 000,049,152 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\Remote server\KMENTSRV.exe
PRC - [2002/07/25 15:41:38 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin Bulldog Plus\MUPS.exe


========== Modules (SafeList) ==========

MOD - [2010/08/12 13:45:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe
MOD - [2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/05/13 13:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\snmptrap.exe -- (SNMPTRAP)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/02/07 21:58:38 | 000,411,112 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2004/04/06 17:52:08 | 000,237,568 | ---- | M] (Delta) [Auto | Running] -- C:\Program Files\Belkin Bulldog Plus\upsd.exe -- (UPSentry_Smart)
SRV - [2003/10/31 10:21:42 | 000,049,152 | ---- | M] (Panasonic Communications Co.,Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\Remote server\KMENTSRV.exe -- (KME Remote Server)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/07 22:00:08 | 000,100,840 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lpx.sys -- (lpx)
DRV - [2009/02/07 22:00:06 | 000,276,968 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2009/02/07 21:59:52 | 000,783,848 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasrofs.sys -- (ndasrofs)
DRV - [2009/02/07 21:59:46 | 000,416,232 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2009/02/07 21:59:42 | 000,285,160 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ndasfs.sys -- (ndasfs)
DRV - [2009/02/07 21:59:42 | 000,274,920 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\lfsfilt.sys -- (lfsfilt)
DRV - [2009/02/07 21:59:36 | 000,121,320 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2006/12/12 07:43:18 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 09:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/10/19 23:39:56 | 000,073,856 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/03/31 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [1999/08/30 19:49:56 | 000,003,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Iteio.sys -- (iteio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 C8 E5 A9 C3 37 CB 01 [binary data]
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-484763869-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/10/01 09:46:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-484763869-1606980848-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-484763869-1606980848-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-484763869-1606980848-725345543-1003\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-484763869-1606980848-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KX-P7305 and KX-P7310 Status Display.lnk = C:\Program Files\Panasonic\Panasonic KX-P7305 and KX-P7310\Status Display\stmndsp.exe (Panasonic Communications Co.,Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-484763869-1606980848-725345543-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.68.4.10 216.68.5.10
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/18 14:52:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/10/05 17:01:59 | 000,000,000 | ---D | M] - H:\AutoCAD VBA Macro -- [ NTFS ]
O33 - MountPoints2\{16f5c7b6-3e37-11dd-aae0-00502ca65b8d}\Shell - "" = AutoRun
O33 - MountPoints2\{16f5c7b6-3e37-11dd-aae0-00502ca65b8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{16f5c7b6-3e37-11dd-aae0-00502ca65b8d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{16f5c7b7-3e37-11dd-aae0-00502ca65b8d}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{16f5c7b7-3e37-11dd-aae0-00502ca65b8d}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{7ae5d292-89de-11df-ada5-00502ca65b8d}\Shell - "" = AutoRun
O33 - MountPoints2\{7ae5d292-89de-11df-ada5-00502ca65b8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7ae5d292-89de-11df-ada5-00502ca65b8d}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{8b0549d4-69f6-11db-a8a7-00502ca65b8d}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O33 - MountPoints2\{8b0549d4-69f6-11db-a8a7-00502ca65b8d}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70100879952314368)

========== Files/Folders - Created Within 360 Days ==========

[2010/08/12 13:45:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe
[2010/08/11 16:06:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/30 16:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{0BE4A41F-2461-43DE-B799-C509D8395034}
[2010/07/30 16:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
[2010/07/30 16:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
[2010/07/30 16:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2010/07/30 16:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
[2010/07/30 16:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
[2010/07/30 16:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{1AFEF0C0-ADCC-4CB8-A867-49377B97E90C}
[2010/07/21 14:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/19 14:12:19 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/07/19 14:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2010/07/19 14:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/07/19 14:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2010/07/14 08:57:45 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/08 09:40:20 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/08 09:40:20 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/08 09:40:19 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/08 09:40:17 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/08 09:40:14 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/08 09:40:14 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/08 09:40:14 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/08 09:39:52 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/08 09:39:52 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/08 09:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/08 09:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/08 09:16:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/07 13:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\SUPERAntiSpyware.com
[2010/07/07 13:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/07 13:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/07 13:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Malwarebytes
[2010/07/07 13:18:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/07 13:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/07 13:18:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/07 13:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 12:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/07/07 12:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Western_Digital
[2010/07/07 11:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Western Digital
[2010/07/07 11:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/07/07 11:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/07/07 11:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/07/07 11:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Western Digital
[2010/07/07 11:52:22 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/06/29 16:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Racing Publ. Shinya
[2010/06/16 08:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1107000.00C
[2010/06/15 11:06:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2010/06/15 10:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/06/11 08:24:35 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/04 11:55:58 | 000,229,312 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2010/06/01 19:00:52 | 000,278,288 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010/06/01 19:00:24 | 000,087,824 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010/06/01 19:00:22 | 000,025,240 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010/06/01 19:00:20 | 000,015,464 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2010/05/21 17:46:45 | 004,142,592 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\qtintf.dll
[2010/05/21 17:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\APC
[2010/05/17 12:16:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/17 10:57:19 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/05/17 09:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Downloads
[2010/05/15 10:47:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kelly\IECompatCache
[2010/05/15 07:46:50 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/05/14 14:14:18 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/14 14:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/05/14 12:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\vtqoyahut
[2010/05/11 19:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/11 19:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/11 08:35:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/11 08:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/09 09:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\sgiyfciuw
[2010/05/04 16:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\US Bank
[2010/04/29 14:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\SheriJoneInsAudit
[2010/04/24 12:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\FinancialsConvertedFromPCA
[2010/04/20 01:30:08 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/03/31 00:16:34 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010/03/31 00:10:40 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010/03/10 08:27:30 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/05 10:37:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010/02/25 09:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Temp
[2010/02/12 00:33:11 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/09 11:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\KMK
[2010/02/03 11:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/03 11:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/03 10:45:14 | 000,000,000 | ---D | C] -- C:\Google
[2010/01/25 11:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\NEC Elite IPK Phone System
[2010/01/13 10:09:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/13 10:01:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2009/12/24 02:59:40 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/16 14:43:27 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 03:08:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/11/27 13:11:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 12:07:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/27 12:07:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 12:07:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/07 01:07:08 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2009/11/03 10:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/30 09:38:44 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/10/30 09:38:44 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/10/29 08:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/10/21 01:38:36 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/10/21 01:38:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/10/20 14:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/10/20 12:20:16 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/10/13 06:30:16 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 09:38:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/10/06 09:28:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/06 09:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/06 09:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/06 09:25:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/10/06 09:25:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/10/06 09:25:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/10/06 09:25:56 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/10/06 09:25:54 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/10/06 09:25:54 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/10/02 13:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\vlc
[2009/10/02 13:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Graboid_Inc
[2009/10/02 13:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\MozillaControl
[2009/10/02 13:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Mozilla
[2009/10/02 13:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Local Settings\Application Data\Graboid
[2009/10/02 13:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2009/10/02 13:12:37 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/02 13:08:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/02 13:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/02 13:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2009/09/28 13:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\Application Data\Move Networks
[2009/09/04 17:03:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/08/26 08:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Nishizu
[2009/08/24 15:21:00 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/08/24 15:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2009/08/24 14:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kelly\My Documents\Landscape2009
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Kelly\*.tmp files -> C:\Documents and Settings\Kelly\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2010/08/12 14:41:23 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-725345543-1003UA.job
[2010/08/12 13:47:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/12 13:47:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/12 13:45:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelly\Desktop\OTL.exe
[2010/08/12 13:44:42 | 000,003,211 | ---- | M] () -- C:\WINDOWS\PCW120.ini
[2010/08/12 13:41:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-725345543-1003Core.job
[2010/08/12 09:45:34 | 000,000,468 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/12 08:08:34 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/12 08:08:31 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Google Chrome.lnk
[2010/08/12 08:03:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/12 08:02:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/12 07:56:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/12 07:56:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/12 07:56:04 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 16:12:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 16:11:25 | 000,000,583 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/11 16:08:54 | 000,492,798 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 16:08:54 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 16:08:54 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 16:02:25 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/11 15:57:29 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Kelly\NTUSER.DAT
[2010/08/11 15:57:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kelly\ntuser.ini
[2010/08/10 14:53:04 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\BlueChipLandscapeLog2010.xls
[2010/08/09 14:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/03 09:40:02 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\WIRENasco2008.doc
[2010/08/03 09:39:56 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\Fax Coversheet Prof-FA Tech-StarBankSpringdale.doc
[2010/07/30 16:35:21 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2010/07/30 16:27:40 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
[2010/07/30 13:26:45 | 001,262,975 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\SkipBarberShinyaMichimi&AndrewHobbsIMG_0189-1.JPG
[2010/07/29 14:23:55 | 000,604,481 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\SkipBarber2010IMG_0014.JPG
[2010/07/29 14:23:42 | 001,030,574 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\SkipBarber2010IMG_0004.JPG
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/23 11:54:56 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\HiJackThis.lnk
[2010/07/23 10:00:45 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/22 12:49:24 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/22 12:49:24 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/20 11:35:20 | 000,008,429 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Sales Order # 1725.PDF
[2010/07/20 10:20:54 | 000,748,812 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\CCF07202010_00000.jpg
[2010/07/20 10:15:42 | 000,008,398 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Invoice # 2116.pdf
[2010/07/20 09:18:58 | 000,459,973 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\NescoPressureCooker3-in-1_revb.pdf
[2010/07/19 14:09:23 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2010/07/15 14:09:44 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\WKAroadamericaDQpost.doc
[2010/07/08 09:40:21 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/08 09:40:15 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/07 13:23:38 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/07 13:18:27 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/07 12:15:29 | 000,676,174 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/07/07 11:57:02 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/07/07 11:57:01 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/07/06 15:19:49 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\UPSchargesVendors.xls
[2010/07/06 14:32:08 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\UPSFuelSurcharges.xls
[2010/07/06 09:35:04 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\FlodraulicFreightCreditBreakdown.xls
[2010/07/06 09:08:58 | 000,421,067 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0019-1.JPG
[2010/07/06 09:08:50 | 000,355,464 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0022-1.JPG
[2010/07/05 15:25:47 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\HOA2010.doc
[2010/06/30 15:46:21 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\Fax Coversheet Prof-Michimi.doc
[2010/06/30 08:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2010/06/29 16:06:33 | 000,002,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Business Checks and Forms.lnk
[2010/06/29 16:06:32 | 000,002,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Knowledge Center.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 17:51:58 | 011,077,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/06/24 08:22:03 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/06/24 08:22:02 | 001,210,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/06/24 08:22:01 | 005,951,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/06/24 08:22:01 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/06/24 08:22:01 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/06/24 08:22:01 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/06/24 08:21:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/06/24 08:21:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/06/24 08:21:59 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/06/24 08:21:59 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/06/24 08:21:59 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/06/24 08:21:59 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/06/24 08:21:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/06/24 08:21:59 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/06/24 08:21:58 | 001,986,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/06/24 08:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/06/24 08:21:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/06/24 08:21:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/24 08:21:55 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/06/24 08:21:55 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/06/23 08:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/06/23 08:08:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/06/18 09:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/06/17 10:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2010/06/16 10:42:51 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\APcontactinfoletter20100616.doc
[2010/06/16 10:14:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kelly\My Documents\~$contactinfoletter20100616.doc
[2010/06/15 12:17:24 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010/06/15 11:02:18 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\Norton Installation Files.lnk
[2010/06/15 09:32:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/14 14:48:31 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\SODAPOP.xls
[2010/06/14 10:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/06/14 03:41:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/06/04 11:55:58 | 000,229,312 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2010/06/03 14:30:27 | 000,131,584 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\VendorFileLabels2010.doc
[2010/06/03 09:59:36 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\VendorFileLabels.doc
[2010/06/01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010/06/01 19:00:20 | 000,015,464 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2010/05/28 10:18:43 | 002,256,218 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0736.JPG
[2010/05/28 10:17:53 | 002,297,825 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0740.JPG
[2010/05/21 18:32:52 | 004,843,006 | -H-- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\IconCache.db
[2010/05/21 17:46:40 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/17 10:57:17 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/05/14 14:13:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/05/13 11:30:43 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\Fax Coversheet Prof-APolp2010.doc
[2010/05/05 13:08:12 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 22:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/04/27 22:25:02 | 002,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/27 09:59:13 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/27 09:05:00 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/04/27 09:05:00 | 002,066,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/27 09:05:00 | 002,024,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/24 16:35:45 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\YearendFiscalYrClosingChecklist.xls
[2010/04/20 01:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/04/20 01:30:08 | 000,285,696 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/04/03 06:39:36 | 002,377,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCore.dll
[2010/04/03 06:39:36 | 002,377,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2010/04/01 11:10:35 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\WIRENIKK2006.doc
[2010/03/31 00:16:34 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHostProxy.dll
[2010/03/31 00:10:40 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PresentationHost.exe
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010/03/10 02:15:52 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/03/09 12:38:10 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\SODAINV.xls
[2010/03/05 10:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[2010/03/05 10:37:40 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll
[2010/03/04 11:33:35 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\WIREFIRINIT2010.doc
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/17 13:54:20 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\CheckLog.xls
[2010/02/16 17:37:08 | 000,145,920 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\VendorFileLabel.doc
[2010/02/12 00:33:11 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/01/29 13:47:17 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\I have a confession to make.doc
[2010/01/29 11:01:30 | 000,691,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/01/29 10:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2010/01/28 18:54:13 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\ShinyaRaceWebsiteUpdate.doc
[2010/01/13 10:01:25 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/01/12 12:58:50 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\KondoLetterHSBC.doc
[2010/01/12 12:39:01 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\KondoLetterCapitalOne.doc
[2010/01/09 15:11:57 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\ShinyaRacingHistory.doc
[2009/12/24 02:59:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009/12/18 11:17:01 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\WIRENIKK2009.doc
[2009/12/16 14:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/16 14:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 03:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 03:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/09 12:55:05 | 000,538,319 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\HumanaBenefits2009.pdf
[2009/12/09 01:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/12/09 01:53:44 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/12/08 05:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/04 16:25:59 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\Letter to Mr Smith 12-04-09.doc
[2009/11/27 13:11:44 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 12:07:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 12:07:35 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/27 12:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 12:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/11/27 12:07:34 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 12:07:34 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/21 11:51:42 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 11:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/11/12 13:34:18 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\HSS_SIGNATUREFORM0909.doc
[2009/11/12 13:29:29 | 000,290,816 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\HSS_MEDICALHISTORYFORM09092.doc
[2009/11/12 12:48:00 | 000,022,592 | ---- | M] () -- C:\Documents and Settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/12 12:47:44 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\HSS_PATIENTREGISTRATION0909.DOC
[2009/11/11 14:35:19 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2009/11/07 01:07:08 | 000,049,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netfxperf.dll
[2009/11/04 10:54:19 | 000,451,677 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\CCF11042009_00000.jpg
[2009/11/02 15:26:26 | 000,042,552 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\procedure.pdf
[2009/11/02 14:34:51 | 000,217,670 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\09-10_Club_Brochure.pdf
[2009/10/21 01:38:36 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/10/21 01:38:36 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll
[2009/10/21 01:38:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2009/10/21 01:38:36 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll
[2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys
[2009/10/16 15:11:35 | 000,047,877 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\FlightReservation.pdf
[2009/10/15 12:28:26 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/10/15 12:28:26 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/10/15 12:28:26 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/10/15 12:28:26 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/10/13 06:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2009/10/13 06:30:16 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll
[2009/10/12 09:38:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2009/10/12 09:38:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2009/10/12 09:38:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll
[2009/10/02 08:28:35 | 000,064,664 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\BlueEye.jpg
[2009/09/24 13:53:59 | 000,058,972 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\beaverrun.jpg
[2009/09/11 10:18:39 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2009/09/11 09:34:42 | 000,585,413 | ---- | M] () -- C:\Documents and Settings\Kelly\Desktop\CCF09112009_00000DELPHIMEX.JPG
[2009/09/04 17:03:36 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2009/09/04 15:18:25 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Kelly\My Documents\SLATTERYconfidential.doc
[2009/08/26 04:00:21 | 000,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\strmdll.dll
[2009/08/26 04:00:21 | 000,247,326 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/08/25 05:17:27 | 000,354,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Kelly\*.tmp files -> C:\Documents and Settings\Kelly\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/30 16:27:40 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stamps.com.lnk
[2010/07/30 16:23:26 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2010/07/30 13:26:45 | 001,262,975 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\SkipBarberShinyaMichimi&AndrewHobbsIMG_0189-1.JPG
[2010/07/29 14:23:54 | 000,604,481 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\SkipBarber2010IMG_0014.JPG
[2010/07/29 14:23:39 | 001,030,574 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\SkipBarber2010IMG_0004.JPG
[2010/07/22 12:49:24 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/22 12:49:24 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/21 14:44:46 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\HiJackThis.lnk
[2010/07/20 11:35:20 | 000,008,429 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Sales Order # 1725.PDF
[2010/07/20 10:21:34 | 000,748,812 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\CCF07202010_00000.jpg
[2010/07/20 10:15:42 | 000,008,398 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Invoice # 2116.pdf
[2010/07/20 09:18:58 | 000,459,973 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\NescoPressureCooker3-in-1_revb.pdf
[2010/07/19 14:09:23 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2010/07/13 17:44:01 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\WKAroadamericaDQpost.doc
[2010/07/08 09:40:21 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/07 13:23:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/07 13:18:27 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/07 11:57:01 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/07/07 11:57:00 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/07/06 09:08:58 | 000,421,067 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0019-1.JPG
[2010/07/06 09:08:50 | 000,355,464 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0022-1.JPG
[2010/07/05 14:15:59 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\HOA2010.doc
[2010/07/01 17:18:41 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\FlodraulicFreightCreditBreakdown.xls
[2010/06/30 15:46:20 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\Fax Coversheet Prof-Michimi.doc
[2010/06/25 13:04:05 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\UPSchargesVendors.xls
[2010/06/16 10:14:21 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kelly\My Documents\~$contactinfoletter20100616.doc
[2010/06/16 10:14:20 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\APcontactinfoletter20100616.doc
[2010/06/16 08:45:31 | 000,676,174 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/06/15 10:14:24 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Norton Installation Files.lnk
[2010/06/03 11:35:02 | 000,131,584 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\VendorFileLabels2010.doc
[2010/05/28 10:18:42 | 002,256,218 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0736.JPG
[2010/05/28 10:17:52 | 002,297,825 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\IMG_0740.JPG
[2010/05/21 17:46:39 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/19 19:16:25 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\BlueChipLandscapeLog2010.xls
[2010/05/17 09:33:02 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\Google Chrome.lnk
[2010/05/17 09:33:02 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/17 09:30:52 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-725345543-1003UA.job
[2010/05/17 09:30:51 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-725345543-1003Core.job
[2010/05/14 14:30:42 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/14 12:34:45 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/11 15:38:37 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\Fax Coversheet Prof-APolp2010.doc
[2010/04/08 09:20:15 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\YearendFiscalYrClosingChecklist.xls
[2010/03/03 11:47:13 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\WIREFIRINIT2010.doc
[2010/02/03 11:24:15 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/03 11:24:14 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/29 13:47:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\I have a confession to make.doc
[2010/01/28 11:28:09 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\ShinyaRaceWebsiteUpdate.doc
[2010/01/12 12:58:50 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\KondoLetterHSBC.doc
[2010/01/12 12:39:00 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\KondoLetterCapitalOne.doc
[2010/01/09 15:11:57 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\ShinyaRacingHistory.doc
[2009/12/18 11:17:01 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\WIRENIKK2009.doc
[2009/12/09 12:55:03 | 000,538,319 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\HumanaBenefits2009.pdf
[2009/12/04 16:25:59 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\Letter to Mr Smith 12-04-09.doc
[2009/11/12 13:34:18 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\HSS_SIGNATUREFORM0909.doc
[2009/11/12 13:29:29 | 000,290,816 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\HSS_MEDICALHISTORYFORM09092.doc
[2009/11/12 12:47:43 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\HSS_PATIENTREGISTRATION0909.DOC
[2009/11/04 10:56:26 | 000,451,677 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\CCF11042009_00000.jpg
[2009/11/04 10:18:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Kelly\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2009/11/02 15:26:23 | 000,042,552 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\procedure.pdf
[2009/11/02 14:34:47 | 000,217,670 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\09-10_Club_Brochure.pdf
[2009/10/16 15:11:32 | 000,047,877 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\FlightReservation.pdf
[2009/10/02 08:30:36 | 000,064,664 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\BlueEye.jpg
[2009/09/24 13:54:22 | 000,058,972 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\beaverrun.jpg
[2009/09/11 09:34:41 | 000,585,413 | ---- | C] () -- C:\Documents and Settings\Kelly\Desktop\CCF09112009_00000DELPHIMEX.JPG
[2009/09/04 15:18:24 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Kelly\My Documents\SLATTERYconfidential.doc
[2008/05/01 15:49:16 | 000,000,468 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/05/01 15:49:16 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/05/01 15:41:56 | 000,000,816 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/05/01 15:41:56 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/05/01 15:39:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2008/05/01 15:39:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2008/05/01 15:39:21 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2008/05/01 15:39:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/05/01 15:38:06 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/02/13 12:00:47 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/23 13:33:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2004/08/23 13:20:51 | 000,000,315 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2004/08/18 16:11:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/18 15:54:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/18 15:18:53 | 000,003,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Iteio.sys
[2004/08/18 15:17:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2003/02/18 10:28:14 | 000,003,211 | ---- | C] () -- C:\WINDOWS\PCW120.ini
[2003/02/18 09:28:14 | 000,003,092 | ---- | C] () -- C:\WINDOWS\pcw110.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/02/08 02:05:36 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000/02/08 02:05:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[1999/03/30 09:53:50 | 000,000,793 | ---- | C] () -- C:\WINDOWS\BTI.INI

========== LOP Check ==========

[2010/07/08 09:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/10/09 09:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/17 09:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/01/23 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/07 12:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/07/07 11:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/07/30 16:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{0BE4A41F-2461-43DE-B799-C509D8395034}
[2010/07/30 16:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1AFEF0C0-ADCC-4CB8-A867-49377B97E90C}
[2010/07/30 16:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{4E417984-0B3D-48F3-9FA4-E1ABB0DA51B7}
[2010/07/30 16:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB89557A-DCAD-4657-A970-8F9A3EFFB34D}
[2010/07/30 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2010/07/30 16:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E23E3BED-ADD9-4DF7-B375-5EC5E69FD666}
[2010/07/30 16:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C}
[2005/01/04 16:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Aim
[2008/06/02 10:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\PC-FAX TX
[2008/07/29 12:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\ScanSoft
[2010/07/30 16:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Stamps.com Internet Postage
[2007/01/23 14:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Viewpoint
[2005/01/04 13:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\WeatherBug
[2010/07/07 11:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kelly\Application Data\Western Digital
[2010/08/09 14:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/12 08:02:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/06/23 09:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/17 20:52:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/17 20:52:52 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/17 20:52:52 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/07/08 09:05:43 | 000,017,376 | ---- | M] () -- C:\aaw7boot.log
[2004/08/18 14:52:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/02/09 09:23:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/18 14:52:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/08/18 14:52:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/01/05 05:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 05:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2004/08/18 14:52:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/09 09:15:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/08 15:10:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/12 14:50:51 | 1160,683,520 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2006/02/09 09:10:26 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/08 15:03:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/02/09 09:10:26 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/08 15:03:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/02/09 09:10:26 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/08 15:03:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/02/09 09:10:26 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/08 15:03:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2004/12/28 21:31:44 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=0706E1CD6B89800781DB038F4B3F5654 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\SoftwareDistribution\Download\93c9bb5898f80e6361e0dc6ea165864f\sp2qfe\user32.dll
[2004/06/17 13:58:35 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=31FB2D788A9AA618452C02E8375B6DCD -- C:\WINDOWS\$NtUninstallKB891711$\user32.dll
[2003/09/25 12:49:02 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=32173306185F603E75C477E117F3BB8D -- C:\WINDOWS\$NtUninstallKB840987$\user32.dll
[2002/11/01 18:26:46 | 000,528,896 | ---- | M] (Microsoft Corporation) MD5=68E1F4EF02DF52CA9C5E157045D23582 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2005/03/02 14:20:03 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=74202EB1BD67E8BE9509E38C8D2234B0 -- C:\WINDOWS\SoftwareDistribution\Download\93c9bb5898f80e6361e0dc6ea165864f\sp1qfe\user32.dll
[2007/03/08 11:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2004/08/04 03:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2003/03/31 08:00:00 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=DD9269230C21EE8FB7FD3FCCC3B1CFCB -- C:\WINDOWS\$NtUninstallKB826939$\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\SoftwareDistribution\Download\93c9bb5898f80e6361e0dc6ea165864f\sp2gdr\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 03:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2003/03/31 08:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=8529C295DF59B564D37A73B5629162B1 -- C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >


#6 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 04:51 PM

here is the OTL that said "extras"

OTL Extras logfile created on: 8/12/2010 2:09:58 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Kelly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 90.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 32.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.97 Gb Free Space | 71.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 74.53 Gb Total Space | 67.49 Gb Free Space | 90.56% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ACCOUNTING
Current User Name: Kelly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B4A246D-3F30-45DA-ABFF-FF5C768F9A74}" = Peachtree Complete Accounting 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{238E20DB-EF53-4388-9B97-2C9E45234D83}" = Peachtree Complete Accounting 2005
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{831AA8FB-B67A-48E0-95FF-D609BC31AF0C}" = Stamps.com Address Book Support for ACT! 3.05 - 6.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E404AA6-7C63-4D95-B8D2-72256ABB6A9E}" = Stamps.com Address Book Support for Outlook Express, Works, IE
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BC91133D-D42E-49FA-AEB1-A0E36721EEFB}" = NDAS Software 3.43.2003
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C70EFC56-5AA9-4010-8C07-0B2A22CE0F1C}" = Panasonic KX-P7305 and KX-P7310 Ver1.10
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D00324C0-5343-4917-BF1E-D5E45D22B7E8}" = Stamps.com Address Book Support for Common Harmony
"{D61C1058-EDC7-48D0-85B2-B322BE385059}" = Stamps.com Address Book Support for Microsoft Outlook 97-2010
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
"{E3D16DAD-1AEE-11D6-B82B-004033AA2C09}" = Belkin Bulldog Plus
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"avast5" = avast! Free Antivirus
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"InstallShield_{1B4A246D-3F30-45DA-ABFF-FF5C768F9A74}" = Peachtree Complete Accounting 2004
"InstallShield_{238E20DB-EF53-4388-9B97-2C9E45234D83}" = Peachtree Complete Accounting 2005
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2005
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"S3" = KM400/KN400 Display Driver and Utilities
"SOYO HW Monitor" = SOYO HW Monitor
"Stamps.com" = Stamps.com
"Stamps.com support for ACT! 3.05 - 6.0" = Stamps.com support for ACT! 3.05 - 6.0
"Stamps.com support for Harmony" = Stamps.com support for Harmony
"Stamps.com support for Microsoft Outlook 2000, 2002, 2003" = Stamps.com support for Microsoft Outlook 2000, 2002, 2003
"Stamps.com support for Microsoft Outlook 2000-2007" = Stamps.com support for Microsoft Outlook 2000-2007
"Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
"Stamps.com support for Microsoft Outlook 97-2003" = Stamps.com support for Microsoft Outlook 97-2003
"Stamps.com support for Microsoft Outlook 97-2007" = Stamps.com support for Microsoft Outlook 97-2007
"Stamps.com support for Microsoft Outlook 97-2010" = Stamps.com support for Microsoft Outlook 97-2010
"Stamps.com support for Microsoft Word 2000, 2002, 2003" = Stamps.com support for Microsoft Word 2000, 2002, 2003
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
"Stamps.com support for Outlook Express, Works, IE" = Stamps.com support for Outlook Express, Works, IE
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Companion

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2010 2:12:18 PM | Computer Name = ACCOUNTING | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3603 - Fatal Execution Engine Error
(7A09795E) (80131506)

Error - 8/9/2010 8:43:01 AM | Computer Name = ACCOUNTING | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/9/2010 8:43:04 AM | Computer Name = ACCOUNTING | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/9/2010 8:43:04 AM | Computer Name = ACCOUNTING | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/9/2010 8:43:04 AM | Computer Name = ACCOUNTING | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/9/2010 1:46:16 PM | Computer Name = ACCOUNTING | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2010 9:11:59 AM | Computer Name = ACCOUNTING | Source = Google Update | ID = 20
Description =

Error - 8/11/2010 2:20:44 PM | Computer Name = ACCOUNTING | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/12/2010 8:24:34 AM | Computer Name = ACCOUNTING | Source = Application Error | ID = 1000
Description = Faulting application mrt.exe, version 3.10.4001.0, faulting module
unknown, version 0.0.0.0, fault address 0x0e0d605b.

Error - 8/12/2010 8:53:33 AM | Computer Name = ACCOUNTING | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/11/2010 9:10:56 AM | Computer Name = ACCOUNTING | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/11/2010 9:10:56 AM | Computer Name = ACCOUNTING | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/11/2010 9:12:47 AM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/11/2010 1:07:20 PM | Computer Name = ACCOUNTING | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/11/2010 1:07:20 PM | Computer Name = ACCOUNTING | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/11/2010 1:08:38 PM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/12/2010 7:56:31 AM | Computer Name = ACCOUNTING | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/12/2010 7:56:31 AM | Computer Name = ACCOUNTING | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/12/2010 8:00:25 AM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WD SmartWare Background
Service service to connect.

Error - 8/12/2010 8:00:25 AM | Computer Name = ACCOUNTING | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >


#7 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:01 PM

after following the instructions to disable CD emulation, I downloaded and followed instructions for the GMER log. I tried to copy and paste the GMER log, but it comes back w/an error message b/c it is too big. I will try to attach it. Please let me know if the attachment didn't work.
thanks! that didn't work either. let me try breaking it up into several replies.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-13 17:43:05
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Kelly\LOCALS~1\Temp\pxlirkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF5A96694]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF56DBCD2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF5A95C38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF5A962FA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF56DBB8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF5A95B14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF5A98DE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF5A991B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF5A954FC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF56DC142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF56DC06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF56DB764]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xF5A9760A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xF5A97864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF5A989DE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF5A95ED4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF5A964D6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF56DBC68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF56DB6A4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF5A96184]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF56DB708]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xF5A97A80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xF5A97EFE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF56DBD88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF56DC210]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF5A98472]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF56DBD48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF5A98726]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xF5A96CB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF5A98BD6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF56DBEC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF5A95E6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF5A96070]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF5A95912]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF5A956FC]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F56E5F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP F56E45B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\System32\DRIVERS\redbook.sys

#8 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:06 PM

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[220] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[280] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[372] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 2 Bytes JMP 006ECF90 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[372] ntdll.dll!NtAllocateVirtualMemory + 3 7C90CF71 2 Bytes [DE, 83]
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Messenger\MSMSGS.EXE[380] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10025660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[388] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#9 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:07 PM

.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[396] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[420] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#10 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:10 PM

.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[440] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[608] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[620] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#11 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:11 PM

.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[824] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[880] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[952] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007F000C
.text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0261000A
.text C:\WINDOWS\system32\svchost.exe[1004] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1004] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\MUPS.exe[1296] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#12 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:12 PM

.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1316] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndasmgmt.exe[1368] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1376] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[1400] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] shell32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] shell32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] shell32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[1416] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#13 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:13 PM

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1548] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00975D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0096CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00975DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00975E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00975E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00975D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00975C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00975D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00975D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00975D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00975CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00975CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00975DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00975C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009734C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 00975CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00975BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00975940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00975BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00975C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009759A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00975DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00975E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00975C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00975980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 009759E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 009759C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00975B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00975A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00975AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00975BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00975B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00975B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00975B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00975A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00975A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00975A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00975AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00975A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00975AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00975B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00975960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00975C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00977420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 00976890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 0096F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 009765F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 0096FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 00976DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 00976B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 009758C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 009758E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 00975920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 00975900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 009778A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00977660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 009758A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[1672] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 00975880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
.text C:\WINDOWS\Explorer.EXE[1756] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C8000C
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1756] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C4000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[1840] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iTunes\iTunesHelper.exe[1908] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#14 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:15 PM

.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\QuickTime\qttask.exe[1916] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] shell32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] shell32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] shell32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1924] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 008A5D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0089CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008A5DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008A5E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008A5E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 008A5D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 008A5C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 008A5D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 008A5D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008A5D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 008A5CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 008A5CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008A5DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 008A5C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008A34C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0089CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 008A5CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008A5BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008A5940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 008A5BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008A5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008A59A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008A5DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008A5E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008A5C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008A5980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 008A59E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 008A59C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008A5B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 008A5A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 008A5BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 008A5B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008A5B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008A5B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 008A5A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 008A5A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 008A5A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008A5AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 008A5A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 008A5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 008A5B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008A5960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 008A5C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 008A7420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 008A6890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 0089F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 008A65F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 0089FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 008A6DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 008A6B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 008A58C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 008A58E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 008A5920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 008A5900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 008A78A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 008A7660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 008A58A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[2012] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 008A5880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2124] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2560] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C4000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2892] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 009A5D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0099CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009A5DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009A5E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009A5E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 009A5D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 009A5C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 009A5D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 009A5D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A5D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 009A5CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 009A5CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A5DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 009A5C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009A34C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 009A5CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A5BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009A5940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 009A5BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009A5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009A59A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009A5DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009A5E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009A5C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009A5980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 009A59E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 009A59C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009A5B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 009A5A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009A5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 009A5BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 009A5B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009A5B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009A5B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 009A5A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 009A5A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 009A5A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009A5AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 009A5A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 009A5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 009A5B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009A5960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 009A5C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 009A7420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 009A6890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 0099F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 009A65F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 0099FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 009A6DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 009A6B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 009A58C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 009A58E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 009A5920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 009A5900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 009A78A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 009A7660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 009A5840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 009A5860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 009A58A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe[2932] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 009A5880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#15 KelM

KelM
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:01 PM

Posted 13 August 2010 - 05:18 PM

.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe[3044] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3068] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10025840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10025860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NDAS\System\ndassvc.exe[3280] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[3536] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wdfmgr.exe[3672] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003B5D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003ACEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B5DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003B5E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003B5E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003B5D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003B5C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B5D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003B5D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003B5D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003B5CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003B5CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003B5DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003B5C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003B34C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003ACFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 003B5CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003B5BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003B5940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003B5BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003B5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003B59A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003B5DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B5E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003B5C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003B5980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003B59E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003B59C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003B5B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003B5A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003B5AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 003B5BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003B5B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003B5B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003B5B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003B5A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003B5A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003B5A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003B5AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003B5A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003B5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003B5B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003B5960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003B5C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 003B6890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003AF730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 003B65F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003AFF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 003B6DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 003B6B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003B7420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 003B58C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 003B58E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 003B5920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 003B5900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 003B5840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003B5860 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003B78A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003B7660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 003B58A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Belkin Bulldog Plus\upsd.exe[3728] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 003B5880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3760] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3800] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] KERNEL32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] advapi32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] advapi32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] advapi32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] advapi32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] advapi32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] advapi32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] shell32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] shell32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] shell32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe[3856] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\wuauclt.exe[4092] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\wuauclt.exe[4092] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\wuauclt.exe[4092] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wuauclt.exe[4092] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 100258A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10025880 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] shell32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] shell32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] shell32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Kelly\Desktop\gmer\gmer.exe[7820] shell32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\ndasrofs \NdasRofs ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.)
Device -> \Driver\atapi \Device\Harddisk0\DR0 85879EE4

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\NHICHXJI\ltCADTM06G.htm 76 bytes
File C:\WINDOWS\System32\DRIVERS\redbook.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users