
RegAsm32.exe?


  • This topic is locked
49 replies to this topic

#1 tarkovsky

  • Members
  • 66 posts

Posted 14 March 2011 - 11:05 PM

Hello, Comodo firewall recently found an exe trying to connect to the internet. The application's name is RegAsm32.exe and is located in C:\Users\Spec\AppData\Local\Temp\{031F49AD-508D-491B-BC49-154FD0229E3F}\RegAsm32.exe. The source IP is the same as my IPv4 address. Should I be worried? Thanks in advance. One of the mods says that it might be a trojan of some sort.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:12 PM, on 15/3/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\mspaint.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5386 bytes



#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 19 March 2011 - 07:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 tarkovsky

  • Topic Starter
  • Members
  • 66 posts

Posted 19 March 2011 - 07:57 AM

DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Spec at 20:52:18.74 on Sat 19/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.65.1033.18.3069.2228 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Spec\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\users\spec\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\ghost recon advanced warfighter\support\register\RegistrationReminder.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\spec\appdata\roaming\mozilla\firefox\profiles\g2qla42o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.furaffinity.net/
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-27 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-27 301528]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 34744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-27 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-27 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-2-27 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-2-20 493568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-11-5 22896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-19 04:22:11 -------- d-----w- c:\users\spec\appdata\local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C}
2011-03-18 03:38:34 -------- d-----w- c:\users\spec\appdata\local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907}
2011-03-17 15:30:05 -------- d-----w- c:\users\spec\appdata\local\{252F72BB-CE20-4836-852F-D99BFD9BC759}
2011-03-17 03:29:23 -------- d-----w- c:\users\spec\appdata\local\{F315C005-195B-43F6-B781-FAEF735AC76B}
2011-03-16 14:38:30 -------- d-----w- c:\users\spec\appdata\local\{F50AEE14-96F0-4302-8234-5B4AEB24ACAB}
2011-03-16 02:37:18 -------- d-----w- c:\users\spec\appdata\local\{4CCD769A-B865-4656-9BF1-7C82C133FE08}
2011-03-15 14:36:29 -------- d-----w- c:\users\spec\appdata\local\{0A401872-7230-4B5E-8BFC-ABFDF5E723B4}
2011-03-15 09:16:23 -------- d-----w- c:\users\spec\appdata\roaming\Disney Interactive Studios
2011-03-15 09:06:07 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-03-15 09:06:07 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-03-15 09:06:07 -------- d-----w- c:\program files\Disney Interactive Studios
2011-03-15 09:06:06 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-03-15 04:02:33 388096 ----a-r- c:\users\spec\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-15 04:02:33 -------- d-----w- c:\program files\Trend Micro
2011-03-15 02:45:05 -------- d-----w- c:\users\spec\appdata\local\Secunia PSI
2011-03-15 02:45:01 -------- d-----w- c:\program files\Secunia
2011-03-15 02:36:15 -------- d-----w- c:\users\spec\appdata\local\{ACCC905F-75B7-42EE-9F91-B417740778D0}
2011-03-14 04:06:05 -------- d-----w- c:\users\spec\appdata\local\{675EDF1A-F0E6-4FC2-925F-9F199AE89AF7}
2011-03-13 15:42:16 -------- d-----w- c:\users\spec\appdata\local\{83F9CBD5-9A71-4274-B3F4-EBD39FB3A1AC}
2011-03-13 04:06:55 -------- d-----w- c:\users\spec\appdata\roaming\SUPERAntiSpyware.com
2011-03-13 04:06:55 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-13 04:06:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-13 03:41:22 -------- d-----w- c:\users\spec\appdata\local\{8E228ADB-7B9A-46A5-87E0-70658A2E22C2}
2011-03-12 10:42:27 -------- d-----w- c:\users\spec\appdata\local\{C9D8CDD7-0B43-4054-80E5-58349C541D7D}
2011-03-12 02:54:29 -------- d-----w- c:\users\spec\appdata\local\{799395CD-0591-4461-8CB2-4CD5C7E1A873}
2011-03-11 06:38:50 -------- d-----w- c:\users\spec\appdata\local\{F02DAA4E-63BE-4B7E-B770-CE02A2AC4852}
2011-03-10 05:01:48 -------- d-----w- c:\users\spec\appdata\local\{4F3BDCC8-5A20-4451-905E-F1B7D3636AEE}
2011-03-09 09:02:46 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 09:02:46 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 09:02:46 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 09:02:46 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 09:02:42 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 09:02:42 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 07:41:23 -------- d-----w- c:\users\spec\appdata\local\{6120398B-0C4C-4A0A-A12C-F0E7185C02CA}
2011-03-08 12:14:50 -------- d-----w- c:\users\spec\appdata\local\{68B918EA-B9E3-4CEA-82A1-9D5E36702980}
2011-03-07 08:34:01 -------- d-----w- c:\users\spec\appdata\local\{D2B15660-58C0-4A78-83E7-5F10A40A08B1}
2011-03-06 12:26:43 -------- d-----w- c:\users\spec\appdata\local\{E85C6DAA-CE8E-4F8B-858B-CFE3F8DE5A49}
2011-03-06 12:23:21 -------- d-----w- c:\program files\COMODO
2011-03-06 12:22:09 -------- d-----w- c:\progra~2\Comodo
2011-03-06 08:07:17 -------- d-----w- c:\users\spec\appdata\local\{8382D191-8EC6-4785-B89A-B8CEFF427364}
2011-03-06 01:43:27 -------- d-----w- c:\users\spec\appdata\local\{9B462398-9F3F-41BD-A43E-A52BA94C3AD6}
2011-03-05 11:59:09 -------- d-----w- c:\program files\KRU
2011-03-05 09:03:38 -------- d-----w- c:\users\spec\appdata\local\{45BDB583-3236-4AE1-BDB1-3EA262BEE3E4}
2011-03-05 09:03:10 -------- d-----w- c:\users\spec\appdata\roaming\Malwarebytes
2011-03-05 09:02:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-05 09:02:47 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-05 09:02:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-05 09:02:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 04:00:22 -------- d-----w- c:\users\spec\appdata\local\{24DDCDC8-AE68-4CD8-B5D1-38CFF4915062}
2011-03-05 03:48:19 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-03-05 03:20:24 -------- d-----w- c:\users\spec\appdata\local\{E1EEF74C-9EF9-47E3-A7E1-D00A7167B709}
2011-03-05 03:16:44 22328 ----a-w- c:\users\spec\appdata\roaming\PnkBstrK.sys
2011-03-05 03:04:55 -------- d-----w- c:\users\spec\appdata\local\{E33631C2-D1CC-4E4E-BBD3-DF83DFB4C06A}
2011-03-04 07:27:43 -------- d-----w- c:\users\spec\appdata\local\{066EC6D4-1A44-41DC-BE60-F67711BFC45D}
2011-03-03 08:53:50 -------- d-----w- c:\users\spec\appdata\local\{972ED6F3-33C9-40FD-8F48-461E27118A18}
2011-03-03 08:53:48 -------- d-----w- c:\users\spec\appdata\local\{5410B190-52FB-40B8-BF76-2911429D04C9}
2011-03-02 07:53:47 -------- d-----w- c:\users\spec\appdata\local\{CA4110DF-38C3-44AC-AA4E-401D16649539}
2011-03-01 08:18:37 15256 ----a-w- c:\users\spec\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-03-01 08:15:59 -------- d-----w- c:\progra~2\Codemasters
2011-03-01 07:21:36 -------- d-----w- c:\users\spec\appdata\local\{5B7F1BA8-E3EF-430B-9CE0-93C46F00DC20}
2011-02-28 14:38:13 -------- d-----w- c:\program files\Codemasters
2011-02-28 09:15:28 -------- d-----w- c:\users\spec\appdata\local\{7A489F53-5DDB-46C4-B10D-28D51B77E8E5}
2011-02-28 09:15:15 -------- d-----w- c:\users\spec\Tracing
2011-02-28 09:05:28 -------- d-----w- c:\windows\PCHEALTH
2011-02-28 09:03:42 6260088 ----a-w- c:\program files\common files\windows live\.cache\650471161cbd72602\Silverlight.4.0.exe
2011-02-28 09:02:21 -------- d-----w- c:\users\spec\appdata\local\Windows Live
2011-02-28 09:02:20 -------- d-----w- c:\program files\common files\Windows Live
2011-02-28 08:50:06 -------- d-----w- c:\program files\Windows Portable Devices
2011-02-28 08:48:34 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-02-28 08:48:33 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-28 08:48:33 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-28 08:48:16 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-02-28 08:48:15 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-02-28 08:48:15 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-02-28 08:48:15 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-02-28 08:48:15 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-02-28 08:48:15 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-02-28 08:48:14 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-02-28 08:46:43 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-02-28 08:44:47 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-02-27 15:55:53 -------- d-----w- c:\windows\system32\vi-VN
2011-02-27 15:55:53 -------- d-----w- c:\windows\system32\eu-ES
2011-02-27 15:55:53 -------- d-----w- c:\windows\system32\ca-ES
2011-02-27 15:46:31 -------- d-----w- c:\windows\system32\EventProviders
2011-02-27 15:46:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-02-27 15:46:02 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-02-27 15:46:02 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-02-27 15:46:01 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-02-27 15:46:00 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-02-27 15:46:00 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-02-27 15:06:36 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-27 15:06:36 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-27 15:06:36 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-27 15:06:36 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-27 15:06:36 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-27 15:03:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-27 15:03:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-02-27 15:03:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-27 15:02:54 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-27 15:02:53 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-27 15:02:53 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-27 15:02:53 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-27 15:02:53 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-27 15:02:49 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-27 15:02:48 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-02-27 15:02:47 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-27 14:12:25 72704 ----a-w- c:\windows\system32\admparse.dll
2011-02-27 14:06:06 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-02-27 14:06:04 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e069cf52-ce0f-408f-8369-cb029f5d79e5}\mpengine.dll
2011-02-27 14:06:04 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-27 13:54:40 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-02-27 13:54:40 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-02-27 13:54:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-02-27 13:54:33 471552 ----a-w- c:\windows\system32\secproc.dll
2011-02-27 13:54:33 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-02-27 13:54:33 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-02-27 13:54:33 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-02-27 13:54:32 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-02-27 13:54:32 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-02-27 13:54:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-02-27 13:54:02 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-02-27 13:54:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-02-27 13:52:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-02-27 13:51:59 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-27 13:45:01 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-02-27 13:43:46 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-02-27 13:26:24 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-02-27 13:26:18 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-02-27 13:26:16 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-02-27 13:26:16 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-02-27 13:20:56 -------- d-----w- C:\NVIDIA
2011-02-27 13:13:42 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-27 13:13:42 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 13:13:11 40648 ----a-w- c:\windows\avastSS.scr
2011-02-27 13:13:09 -------- d-----w- c:\program files\AVAST Software
2011-02-27 13:13:09 -------- d-----w- c:\progra~2\AVAST Software
2011-02-27 12:40:57 -------- d-----w- c:\users\spec\appdata\local\Hewlett-Packard
2011-02-27 12:40:56 -------- d-----w- c:\users\spec\appdata\roaming\PowerCinema
2011-02-27 12:40:37 -------- d-----w- c:\users\spec\appdata\local\VirtualStore
2011-02-27 12:32:05 -------- d-----w- c:\users\spec\appdata\roaming\HP TCS
2011-02-27 12:26:27 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2011-02-28 14:49:29 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-28 14:49:29 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 13:06:44 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 13:06:34 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 13:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 13:06:02 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-01-07 13:06:02 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 13:06:02 111208 ----a-w- c:\windows\system32\nvmctray.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 17:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
.
============= FINISH: 20:52:48.86 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 27/2/2011 8:20:02 PM
System Uptime: 19/3/2011 12:16:11 PM (8 hours ago)
.
Motherboard: FOXCONN | | Napa
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 392.485 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 2.835 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
avast! Free Antivirus
COMODO Internet Security
Compatibility Pack for the 2007 Office system
D3DX10
DirectX for Managed Code Update (Summer 2004)
DiRT2
Enhanced Multimedia Keyboard Solution
Far Cry
Far Cry (Patch 1.4)
Far Cry 2
Ghost Recon Advanced Warfighter
Hardware Diagnostic Tools
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
LightScribe System Software 1.14.32.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.15)
MSVCRT
muvee Reveal
My HP Games
NVIDIA 3D Vision Driver 266.58
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
OpenAL
PowerDirector
Pure
Python 2.6 pywin32-212
Python 2.6.1
Rapture3D 2.3.22 Game
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Shattered Galaxy
SUPERAntiSpyware
Tom Clancy's Rainbow Six Vegas 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
19/3/2011 12:18:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
19/3/2011 12:18:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
19/3/2011 12:18:11 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp DfsC inspect NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr SRTSP SRTSPX tdx Wanarpv6
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/3/2011 12:24:12 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/3/2011 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
13/3/2011 12:23:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/3/2011 12:23:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
13/3/2011 12:23:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
13/3/2011 12:23:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/3/2011 12:23:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
.
==== End Of File ===========================

I have not disabled any CD emulation software before running DDS.

Will post GMER log shortly.

#4 tarkovsky

Posted 19 March 2011 - 08:36 AM

GMER 1.0.15.15565 - http://www.gmer.net
Rootkit scan 2011-03-19 21:23:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6 ST3500418AS rev.HP22
Running: gmer.exe; Driver: C:\Users\Spec\AppData\Local\Temp\kwldypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8F4A89CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8F4AAEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8F4AAF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8F4AB01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8F4AAE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8F4AAF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8F4AAE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8F4AAFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8F4A89EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8F4A87B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8F4A8A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8F4AB412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8F4A94AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8F4AAEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8F4AAF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8F4AB044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8F4AAE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8F4AAF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8F4AAE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8F4AAFF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8F4A9370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8F4A8A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8F4A8A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8F4A8812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8F4A894E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8F4A892A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8F4A8972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8F4A8A7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 824B5890 4 Bytes [CA, 89, 4A, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D1 824B5954 8 Bytes [AC, AE, 4A, 8F, 04, AF, 4A, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 824B5960 4 Bytes [1A, B0, 4A, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1F5 824B5978 4 Bytes [02, AE, 4A, 8F]
.text ntkrnlpa.exe!KeSetEvent + 215 824B5998 8 Bytes [54, AF, 4A, 8F, 56, AE, 4A, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 825E05C7 5 Bytes JMP 8F99229E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 826394F3 5 Bytes JMP 8F993D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82642E18 4 Bytes CALL 8F4A9E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82646A8C 4 Bytes CALL 8F4A9E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\Spec\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[612] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000601D4
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0006015C
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00060198
.text C:\Windows\system32\wininit.exe[612] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000700A8
.text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000700E4
.text C:\Windows\system32\wininit.exe[612] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00070120
.text C:\Windows\system32\wininit.exe[612] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00070030
.text C:\Windows\system32\wininit.exe[612] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0007006C
.text C:\Windows\system32\wininit.exe[612] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[612] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\services.exe[656] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000800A8
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\services.exe[656] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\services.exe[656] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\services.exe[656] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\services.exe[656] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsass.exe[668] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000800A8
.text C:\Windows\system32\lsass.exe[668] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\lsass.exe[668] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\lsass.exe[668] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\lsass.exe[668] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsass.exe[668] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[668] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsm.exe[680] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[680] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000D00A8
.text C:\Windows\system32\lsm.exe[680] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000D00E4
.text C:\Windows\system32\lsm.exe[680] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 000D0120
.text C:\Windows\system32\lsm.exe[680] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 000D0030
.text C:\Windows\system32\lsm.exe[680] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 000D006C
.text C:\Windows\system32\lsm.exe[680] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\winlogon.exe[840] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[840] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[840] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[840] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000600A8
.text C:\Windows\system32\winlogon.exe[840] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\winlogon.exe[840] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00060120
.text C:\Windows\system32\winlogon.exe[840] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\winlogon.exe[840] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[868] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[868] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 005900A8
.text C:\Windows\system32\svchost.exe[868] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 005900E4
.text C:\Windows\system32\svchost.exe[868] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00590120
.text C:\Windows\system32\svchost.exe[868] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00590030
.text C:\Windows\system32\svchost.exe[868] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0059006C
.text C:\Windows\system32\svchost.exe[868] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0017015C
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00170198
.text C:\Windows\system32\nvvsvc.exe[928] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[928] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[928] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[928] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[928] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\nvvsvc.exe[928] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[928] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 002300A8
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 002300E4
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00230120
.text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00230030
.text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0023006C
.text C:\Windows\system32\svchost.exe[964] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[964] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 00150030
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 0015006C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 0050ED30 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 005266C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001700A8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001700E4
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00170120
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00170030
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0017006C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 0028006C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 002800A8
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 002801D4
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 002800E4
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00280120
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0028015C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00280198
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1036] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 00280030
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000D00A8
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000D00E4
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 000D0120
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 000D0030
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 000D006C
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1100] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 000B015C
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001E00A8
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001E00E4
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 001E0120
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 001E0030
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 001E006C
.text C:\Windows\System32\svchost.exe[1188] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] shell32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] shell32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] shell32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1188] shell32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1216] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 002600A8
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 002600E4
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00260120
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00260030
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0026006C
.text C:\Windows\System32\svchost.exe[1216] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1216] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1248] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 005900A8
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 005900E4
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00590120
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00590030
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0059006C
.text C:\Windows\system32\svchost.exe[1248] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] WININET.dll!InternetConnectA 76FFDEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1248] WININET.dll!InternetConnectW 76FFF862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001100A8
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001100E4
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00110120
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00110030
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0011006C
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1376] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1468] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000E00A8
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000E00E4
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 000E0120
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 000E0030
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 000E006C
.text C:\Windows\system32\svchost.exe[1468] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] shell32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] shell32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] shell32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] shell32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] WinInet.dll!InternetConnectA 76FFDEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1468] WinInet.dll!InternetConnectW 76FFF862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001700A8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001701D4
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001700E4
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00170120
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0017015C
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00170198
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001800A8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001800E4
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00180120
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00180030
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0018006C
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1536] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0017015C
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00170198
.text C:\Windows\system32\nvvsvc.exe[1576] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001900A8
.text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001900E4
.text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00190120
.text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00190030
.text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0019006C
.text C:\Windows\system32\nvvsvc.exe[1576] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1576] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!LdrUnloadDll 7718B740 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ADVAPI32.dll!CreateServiceW 75839EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ADVAPI32.dll!CreateServiceA 758772A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conime.exe[1696] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!LdrUnloadDll 7718B740 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!SetUnhandledExceptionFilter 76E9A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ADVAPI32.dll!CreateServiceW 75839EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] ADVAPI32.dll!CreateServiceA 758772A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] wininet.dll!InternetConnectA 76FFDEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1868] wininet.dll!InternetConnectW 76FFF862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1948] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 007000A8
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 007000E4
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00700120
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00700030
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0070006C
.text C:\Windows\system32\svchost.exe[1948] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001D00A8
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001D01D4
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001D00E4
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 001D0120
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 001D015C
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 001D0198
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001E00A8
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001E00E4
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 001E0120
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 001E0030
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 001E006C
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] shell32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] shell32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] shell32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] shell32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Spec\Desktop\gmer\gmer.exe[1984] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\System32\spoolsv.exe[1988] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000A00A8
.text C:\Windows\System32\spoolsv.exe[1988] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000A00E4
.text C:\Windows\System32\spoolsv.exe[1988] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 000A0120
.text C:\Windows\System32\spoolsv.exe[1988] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 000A0030
.text C:\Windows\System32\spoolsv.exe[1988] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 000A006C
.text C:\Windows\System32\spoolsv.exe[1988] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1988] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 00150030
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 0015006C
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 00744760 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 0017006C
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001700A8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001701D4
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001700E4
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00170120
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0017015C
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00170198
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 00170030
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001800A8
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001800E4
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00180120
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00180030
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2060] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0018006C
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001900A8
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001901D4
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001900E4
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00190120
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0019015C
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00190198
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001A00A8
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001A00E4
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!UnhookWindowsHookEx 761998DB 3 Bytes JMP 001A0120
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!UnhookWindowsHookEx + 4 761998DF 1 Byte [8A]
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 001A0030
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!UnhookWinEvent 7619C06F 3 Bytes JMP 001A006C
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!UnhookWinEvent + 4 7619C073 1 Byte [8A]
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2176] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2300] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 002300A8
.text C:\Windows\system32\svchost.exe[2300] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 002300E4
.text C:\Windows\system32\svchost.exe[2300] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00230120
.text C:\Windows\system32\svchost.exe[2300] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00230030
.text C:\Windows\system32\svchost.exe[2300] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0023006C
.text C:\Windows\system32\svchost.exe[2300] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2300] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001700A8
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001701D4
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001700E4
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00170120
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0017015C
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00170198
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001800A8
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001800E4
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00180120
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00180030
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0018006C
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2356] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2392] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001300A8
.text C:\Windows\system32\svchost.exe[2392] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001300E4
.text C:\Windows\system32\svchost.exe[2392] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00130120
.text C:\Windows\system32\svchost.exe[2392] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00130030
.text C:\Windows\system32\svchost.exe[2392] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0013006C
.text C:\Windows\system32\svchost.exe[2392] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2392] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2420] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[2420] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 0017006C
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001700A8
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001701D4
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001700E4
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00170120
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0017015C
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00170198
.text C:\Windows\System32\svchost.exe[2420] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000800A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000801D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000800E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00080120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0008015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 3 Bytes JMP 00080198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!ChangeServiceConfig2W + 4 758771E5 1 Byte [8A]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000900A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000900E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00090120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0009006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2444] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\SearchIndexer.exe[2492] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000800A8
.text C:\Windows\system32\SearchIndexer.exe[2492] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\SearchIndexer.exe[2492] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\SearchIndexer.exe[2492] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\SearchIndexer.exe[2492] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\SearchIndexer.exe[2492] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2492] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000800A8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000800E4
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00080120
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2552] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001700A8
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001700E4
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00170120
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00170030
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00180120
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0018015C
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00180198
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[2628] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\WUDFHost.exe[2732] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2732] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000800A8
.text C:\Windows\system32\WUDFHost.exe[2732] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\WUDFHost.exe[2732] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\WUDFHost.exe[2732] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\WUDFHost.exe[2732] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\WUDFHost.exe[2732] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000800A8
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000801D4
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000800E4
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00080120
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0008015C
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 3 Bytes JMP 00080198
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W + 4 758771E5 1 Byte [8A]
.text C:\Windows\system32\taskeng.exe[2896] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000900A8
.text C:\Windows\system32\taskeng.exe[2896] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000900E4
.text C:\Windows\system32\taskeng.exe[2896] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00090120
.text C:\Windows\system32\taskeng.exe[2896] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00090030
.text C:\Windows\system32\taskeng.exe[2896] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0009006C
.text C:\Windows\system32\taskeng.exe[2896] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2896] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 000B015C
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\taskeng.exe[3068] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000C00A8
.text C:\Windows\system32\taskeng.exe[3068] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000C00E4
.text C:\Windows\system32\taskeng.exe[3068] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 000C0120
.text C:\Windows\system32\taskeng.exe[3068] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 000C0030
.text C:\Windows\system32\taskeng.exe[3068] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 000C006C
.text C:\Windows\system32\taskeng.exe[3068] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[3068] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00070120
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0007015C
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00070198
.text C:\Windows\system32\Dwm.exe[3124] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 000800A8
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\Dwm.exe[3124] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[3124] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 003400A8
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 003401D4
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 003400E4
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00340120
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0034015C
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00340198
.text C:\Windows\Explorer.EXE[3288] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 003500A8
.text C:\Windows\Explorer.EXE[3288] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 003500E4
.text C:\Windows\Explorer.EXE[3288] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00350120
.text C:\Windows\Explorer.EXE[3288] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00350030
.text C:\Windows\Explorer.EXE[3288] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0035006C
.text C:\Windows\Explorer.EXE[3288] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[3288] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!LdrUnloadDll 7718B740 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[3688] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001700A8
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001700E4
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00170120
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00170030
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00180120
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0018015C
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00180198
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] wininet.dll!InternetConnectA 76FFDEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[4848] wininet.dll!InternetConnectW 76FFF862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!LdrLoadDll 771793A8 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!LdrUnloadDll 7718B740 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!LdrGetProcedureAddress 771957A0 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtAllocateVirtualMemory 771B3F84 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtClose 771B4164 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtCreateFile 771B4224 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtCreateProcess 771B42E4 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtCreateProcessEx 771B42F4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtDeleteFile 771B4604 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtFreeVirtualMemory 771B4794 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtLoadDriver 771B48B4 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtOpenFile 771B4A04 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtProtectVirtualMemory 771B4B84 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtSetInformationProcess 771B5174 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtUnloadDriver 771B53C4 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!NtWriteVirtualMemory 771B54C4 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!KiUserExceptionDispatcher 771B5BF8 5 Bytes JMP 1002C750 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ntdll.dll!RtlAllocateHeap 771B63B0 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CreateProcessW 76E71BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CreateProcessA 76E71C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!VirtualProtect 76E71DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!OpenFile 76E7355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!MoveFileW 76E7A2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CopyFileExW 76E80211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CopyFileW 76E80299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!DeleteFileW 76E8F4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!DeleteFileA 76E8F5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!MoveFileWithProgressW 76E910A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!MoveFileExW 76E910C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!LoadLibraryExW 76E99109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!LoadLibraryW 76E99362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!LoadLibraryExA 76E994B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!LoadLibraryA 76E994DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!GetProcAddress 76EB903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!GetModuleHandleA 76EB92A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!GetModuleHandleW 76EBA804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CreateFileW 76EBAECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CreateFileA 76EBCE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!MoveFileExA 76EC0F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!MoveFileWithProgressA 76EC0F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CopyFileA 76EC2433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!MoveFileA 76EFF641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!CopyFileExA 76F019F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!WinExec 76F05CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] kernel32.dll!LoadModule 76F05E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!CreateProcessAsUserA 757FCEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!CreateProcessAsUserW 75811EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!OpenServiceA 75812EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!OpenServiceW 75818354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!CreateServiceW 75839EB4 5 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!DeleteService 7583A07E 5 Bytes JMP 001700A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!SetServiceObjectSecurity 75876CD9 5 Bytes JMP 001701D4
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!ChangeServiceConfigA 75876DD9 5 Bytes JMP 001700E4
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!ChangeServiceConfigW 75876F81 5 Bytes JMP 00170120
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!ChangeServiceConfig2A 75877099 5 Bytes JMP 0017015C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!ChangeServiceConfig2W 758771E1 5 Bytes JMP 00170198
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ADVAPI32.dll!CreateServiceA 758772A1 5 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] WS2_32.dll!WSASocketW 75F634EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] WS2_32.dll!WSASocketA 75F68FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] USER32.dll!SetWindowsHookExA 76196322 5 Bytes JMP 001800A8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] USER32.dll!SetWindowsHookExW 761987AD 5 Bytes JMP 001800E4
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] USER32.dll!UnhookWindowsHookEx 761998DB 5 Bytes JMP 00180120
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] USER32.dll!SetWinEventHook 76199F3A 5 Bytes JMP 00180030
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] USER32.dll!UnhookWinEvent 7619C06F 5 Bytes JMP 0018006C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] USER32.dll!EndTask 761DAD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ole32.dll!CoGetClassObject 75E4FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] ole32.dll!CoCreateInstanceEx 75E69F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] SHELL32.dll!ShellExecuteW 76259725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] SHELL32.dll!ShellExecuteExW 762AC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] SHELL32.dll!ShellExecuteEx 7645A292 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] SHELL32.dll!ShellExecuteA 7645A32D 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] WININET.dll!InternetConnectA 76FFDEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5996] WININET.dll!InternetConnectW 76FFF862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

#5 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 22 March 2011 - 05:49 PM

Hello, tarkovsky.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1

We need to create an OTL report:
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link.)
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    c:\users\spec\appdata\local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C}\*.*
    c:\users\spec\appdata\local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907}\*.*
    c:\users\spec\appdata\local\{252F72BB-CE20-4836-852F-D99BFD9BC759}\*.*
    c:\users\spec\appdata\local\{F315C005-195B-43F6-B781-FAEF735AC76B}\*.*
    c:\users\spec\appdata\local\{F50AEE14-96F0-4302-8234-5B4AEB24ACAB}\*.*
    c:\users\spec\appdata\local\{4CCD769A-B865-4656-9BF1-7C82C133FE08}\*.*
    c:\users\spec\appdata\local\{0A401872-7230-4B5E-8BFC-ABFDF5E723B4}\*.*
    c:\users\spec\appdata\local\{ACCC905F-75B7-42EE-9F91-B417740778D0}\*.*
    c:\users\spec\appdata\local\{675EDF1A-F0E6-4FC2-925F-9F199AE89AF7}\*.*
    c:\users\spec\appdata\local\{83F9CBD5-9A71-4274-B3F4-EBD39FB3A1AC}\*.*
    c:\users\spec\appdata\local\{8E228ADB-7B9A-46A5-87E0-70658A2E22C2}\*.*
    c:\users\spec\appdata\local\{C9D8CDD7-0B43-4054-80E5-58349C541D7D}\*.*
    c:\users\spec\appdata\local\{799395CD-0591-4461-8CB2-4CD5C7E1A873}\*.*
    c:\users\spec\appdata\local\{F02DAA4E-63BE-4B7E-B770-CE02A2AC4852}\*.*
    c:\users\spec\appdata\local\{4F3BDCC8-5A20-4451-905E-F1B7D3636AEE}\*.*
    c:\users\spec\appdata\local\{6120398B-0C4C-4A0A-A12C-F0E7185C02CA}\*.*
    c:\users\spec\appdata\local\{68B918EA-B9E3-4CEA-82A1-9D5E36702980}\*.*
    c:\users\spec\appdata\local\{D2B15660-58C0-4A78-83E7-5F10A40A08B1}\*.*
    c:\users\spec\appdata\local\{E85C6DAA-CE8E-4F8B-858B-CFE3F8DE5A49}\*.*
    c:\users\spec\appdata\local\{8382D191-8EC6-4785-B89A-B8CEFF427364}\*.*
    c:\users\spec\appdata\local\{9B462398-9F3F-41BD-A43E-A52BA94C3AD6}\*.*
    c:\users\spec\appdata\local\{45BDB583-3236-4AE1-BDB1-3EA262BEE3E4}\*.*
    c:\users\spec\appdata\local\{24DDCDC8-AE68-4CD8-B5D1-38CFF4915062}\*.*
    c:\users\spec\appdata\local\{E1EEF74C-9EF9-47E3-A7E1-D00A7167B709}\*.*
    c:\users\spec\appdata\local\{E33631C2-D1CC-4E4E-BBD3-DF83DFB4C06A}\*.*
    c:\users\spec\appdata\local\{066EC6D4-1A44-41DC-BE60-F67711BFC45D}\*.*
    c:\users\spec\appdata\local\{972ED6F3-33C9-40FD-8F48-461E27118A18}\*.*
    c:\users\spec\appdata\local\{5410B190-52FB-40B8-BF76-2911429D04C9}\*.*
    c:\users\spec\appdata\local\{CA4110DF-38C3-44AC-AA4E-401D16649539}\*.*
    c:\users\spec\appdata\local\{5B7F1BA8-E3EF-430B-9CE0-93C46F00DC20}\*.*
    c:\users\spec\appdata\local\{7A489F53-5DDB-46C4-B10D-28D51B77E8E5}\*.*


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#6 tarkovsky

  • Topic Starter

  • Members
  • 66 posts

Posted 23 March 2011 - 03:28 AM

Avast! recommended that I run OTL in the Avast sandbox since it says that it might be potentially unsafe.

OTL logfile created on: 23/3/2011 4:21:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Spec\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.01 Gb Total Space | 385.66 Gb Free Space | 84.76% Space Free | Partition Type: NTFS
Drive D: | 10.75 Gb Total Space | 2.84 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive E: | 2.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SPEC-PC | User Name: Spec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/23 16:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
PRC - [2011/03/20 12:53:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/03/09 20:33:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 23:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/01/17 23:30:16 | 002,548,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/01/21 10:33:22 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe


========== Modules (SafeList) ==========

MOD - [2011/03/23 16:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
MOD - [2011/02/23 23:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/03/20 12:53:55 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/01/21 10:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 22:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/08 11:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/01/06 17:36:48 | 000,080,064 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/01/06 17:36:46 | 000,236,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/01/06 17:36:46 | 000,034,744 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/07 01:49:22 | 000,022,896 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 17:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/02/27 01:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.furaffinity.net/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/02/27 21:13:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/09 20:33:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/09 20:33:31 | 000,000,000 | ---D | M]

[2011/02/27 21:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spec\AppData\Roaming\Mozilla\Extensions
[2011/03/22 18:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spec\AppData\Roaming\Mozilla\Firefox\Profiles\g2qla42o.default\extensions
[2011/03/11 14:39:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Spec\AppData\Roaming\Mozilla\Firefox\Profiles\g2qla42o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/11 22:48:11 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Spec\AppData\Roaming\Mozilla\Firefox\Profiles\g2qla42o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/03/07 19:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/27 21:13:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/27 23:07:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/09 20:33:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/09 20:33:29 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/09 20:33:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/09 20:33:29 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1584598523-393161003-2119424171-1000..\Run: [HPAdvisor] File not found
O4 - HKU\S-1-5-21-1584598523-393161003-2119424171-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Spec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Spec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/01/31 22:40:26 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7ef17d05-426b-11e0-8d6b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ef17d05-426b-11e0-8d6b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2007/01/31 22:40:26 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/23 16:17:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
[2011/03/23 15:57:12 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{6754854A-E914-4A44-9556-26FA55BAD962}
[2011/03/23 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Microsoft Games
[2011/03/23 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{0A7B622E-E600-4052-A5C4-77DD591830A3}
[2011/03/22 23:10:02 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{755707EC-6452-41C5-8FB2-5C62377782EB}
[2011/03/22 18:17:15 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{D62497AF-C758-4441-B5CD-827AD0585351}
[2011/03/21 21:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/03/21 21:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/03/21 21:32:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/03/21 20:28:07 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Gearbox Software
[2011/03/21 17:09:08 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{DD38F487-D190-4248-849C-765190DC7299}
[2011/03/20 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\NVIDIA
[2011/03/20 15:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/03/20 13:27:38 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/03/20 12:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/03/20 12:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/03/20 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/03/20 12:23:59 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{63C9B0E8-5666-4BDD-BB8E-2DC89271B065}
[2011/03/20 00:22:45 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{2079C55B-A088-41F4-BBE0-0B3C16ED35EC}
[2011/03/19 12:22:11 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C}
[2011/03/18 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\Spec\Desktop\Abyss
[2011/03/18 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907}
[2011/03/17 23:30:05 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{252F72BB-CE20-4836-852F-D99BFD9BC759}
[2011/03/17 20:04:34 | 000,000,000 | ---D | C] -- C:\Users\Spec\Documents\My Received Files
[2011/03/17 11:29:23 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{F315C005-195B-43F6-B781-FAEF735AC76B}
[2011/03/16 22:38:30 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{F50AEE14-96F0-4302-8234-5B4AEB24ACAB}
[2011/03/16 10:37:18 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{4CCD769A-B865-4656-9BF1-7C82C133FE08}
[2011/03/15 22:36:29 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{0A401872-7230-4B5E-8BFC-ABFDF5E723B4}
[2011/03/15 17:16:23 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Disney Interactive Studios
[2011/03/15 17:15:14 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Leadertech
[2011/03/15 17:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
[2011/03/15 17:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Interactive Studios
[2011/03/15 12:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/15 12:02:33 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/15 10:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/15 10:45:05 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Secunia PSI
[2011/03/15 10:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/03/15 10:36:15 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{ACCC905F-75B7-42EE-9F91-B417740778D0}
[2011/03/14 12:06:05 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{675EDF1A-F0E6-4FC2-925F-9F199AE89AF7}
[2011/03/13 23:42:16 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{83F9CBD5-9A71-4274-B3F4-EBD39FB3A1AC}
[2011/03/13 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Spec\Desktop\Music
[2011/03/13 12:06:55 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/13 12:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/13 12:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/13 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/13 11:41:22 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{8E228ADB-7B9A-46A5-87E0-70658A2E22C2}
[2011/03/12 18:42:27 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{C9D8CDD7-0B43-4054-80E5-58349C541D7D}
[2011/03/12 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{799395CD-0591-4461-8CB2-4CD5C7E1A873}
[2011/03/11 14:38:50 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{F02DAA4E-63BE-4B7E-B770-CE02A2AC4852}
[2011/03/10 13:01:48 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{4F3BDCC8-5A20-4451-905E-F1B7D3636AEE}
[2011/03/09 15:41:23 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{6120398B-0C4C-4A0A-A12C-F0E7185C02CA}
[2011/03/08 20:14:50 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{68B918EA-B9E3-4CEA-82A1-9D5E36702980}
[2011/03/07 16:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2011/03/07 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\InstallShield
[2011/03/07 16:34:01 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{D2B15660-58C0-4A78-83E7-5F10A40A08B1}
[2011/03/06 20:26:43 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{E85C6DAA-CE8E-4F8B-858B-CFE3F8DE5A49}
[2011/03/06 20:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/03/06 20:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/06 20:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/03/06 16:07:17 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{8382D191-8EC6-4785-B89A-B8CEFF427364}
[2011/03/06 09:43:27 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{9B462398-9F3F-41BD-A43E-A52BA94C3AD6}
[2011/03/05 19:59:20 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
[2011/03/05 19:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
[2011/03/05 19:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\KRU
[2011/03/05 17:03:38 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{45BDB583-3236-4AE1-BDB1-3EA262BEE3E4}
[2011/03/05 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Malwarebytes
[2011/03/05 17:02:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/05 17:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/05 17:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/05 17:02:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/05 17:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/05 12:00:22 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{24DDCDC8-AE68-4CD8-B5D1-38CFF4915062}
[2011/03/05 11:48:19 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/03/05 11:20:24 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{E1EEF74C-9EF9-47E3-A7E1-D00A7167B709}
[2011/03/05 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/03/05 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/03/05 11:04:55 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{E33631C2-D1CC-4E4E-BBD3-DF83DFB4C06A}
[2011/03/04 15:27:43 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{066EC6D4-1A44-41DC-BE60-F67711BFC45D}
[2011/03/03 16:53:50 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{972ED6F3-33C9-40FD-8F48-461E27118A18}
[2011/03/03 16:53:48 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{5410B190-52FB-40B8-BF76-2911429D04C9}
[2011/03/02 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\skypePM
[2011/03/02 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Skype
[2011/03/02 19:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/03/02 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\Spec\Documents\Games for Windows - LIVE Demos
[2011/03/02 15:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/03/02 15:53:47 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{CA4110DF-38C3-44AC-AA4E-401D16649539}
[2011/03/01 16:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/03/01 16:15:58 | 000,000,000 | ---D | C] -- C:\Users\Spec\Documents\My Games
[2011/03/01 16:15:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/03/01 15:21:36 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{5B7F1BA8-E3EF-430B-9CE0-93C46F00DC20}
[2011/02/28 22:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011/02/28 22:49:55 | 000,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011/02/28 22:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2011/02/28 22:49:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011/02/28 22:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/02/28 22:49:29 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/28 22:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/02/28 22:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2011/02/28 17:15:28 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{7A489F53-5DDB-46C4-B10D-28D51B77E8E5}
[2011/02/28 17:15:15 | 000,000,000 | ---D | C] -- C:\Users\Spec\Tracing
[2011/02/28 17:05:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/28 17:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/02/28 17:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/02/28 17:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/28 17:02:21 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Windows Live
[2011/02/28 17:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/02/28 16:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/02/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/02/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/02/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/02/27 23:46:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/02/27 22:48:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/27 21:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/02/27 21:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/02/27 21:21:43 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/02/27 21:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/02/27 21:20:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/02/27 21:13:44 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/27 21:13:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/27 21:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/27 21:13:43 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/27 21:13:43 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/27 21:13:42 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/27 21:13:42 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/27 21:13:11 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/27 21:13:11 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/27 21:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/02/27 21:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/02/27 21:02:44 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Mozilla
[2011/02/27 21:02:43 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Mozilla
[2011/02/27 21:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/27 21:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/27 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Macromedia
[2011/02/27 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Adobe
[2011/02/27 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Hewlett-Packard
[2011/02/27 20:40:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Hewlett-Packard
[2011/02/27 20:40:56 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\PowerCinema
[2011/02/27 20:40:45 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/27 20:40:45 | 000,000,000 | R--D | C] -- C:\Users\Spec\Searches
[2011/02/27 20:40:45 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/27 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Identities
[2011/02/27 20:40:38 | 000,000,000 | R--D | C] -- C:\Users\Spec\Contacts
[2011/02/27 20:40:37 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\VirtualStore
[2011/02/27 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\HP TCS
[2011/02/27 20:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
[2011/02/27 20:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days
[2011/02/27 20:29:57 | 000,000,000 | --SD | C] -- C:\Users\Spec\AppData\Roaming\Microsoft
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Videos
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Saved Games
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Pictures
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Music
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Links
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Favorites
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Downloads
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Documents
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Desktop
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\AppData\Local\Temporary Internet Files
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Templates
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Start Menu
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\SendTo
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Recent
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\PrintHood
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\NetHood
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Documents\My Videos
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Documents\My Pictures
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Documents\My Music
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\My Documents
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Local Settings
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\AppData\Local\History
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Cookies
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Application Data
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\AppData\Local\Application Data
[2011/02/27 20:29:57 | 000,000,000 | -H-D | C] -- C:\Users\Spec\AppData
[2011/02/27 20:29:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Temp
[2011/02/27 20:29:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Microsoft
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/02/27 20:19:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/27 20:18:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/23 16:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
[2011/03/23 15:50:28 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/23 15:50:28 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/23 15:43:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/23 15:43:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/23 15:43:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/23 15:43:48 | 3219,283,968 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/21 21:32:19 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/03/20 13:27:38 | 000,000,215 | ---- | M] () -- C:\Users\Spec\Desktop\Monday Night Combat.url
[2011/03/20 12:51:24 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/19 21:00:23 | 000,000,000 | ---- | M] () -- C:\Users\Spec\defogger_reenable
[2011/03/18 20:08:11 | 000,018,499 | ---- | M] () -- C:\Users\Spec\Desktop\Colin.jpg
[2011/03/18 20:07:39 | 000,025,078 | ---- | M] () -- C:\Users\Spec\Desktop\Mc.jpg
[2011/03/18 20:07:07 | 000,024,538 | ---- | M] () -- C:\Users\Spec\Desktop\Rae.jpg
[2011/03/18 20:06:32 | 000,027,811 | ---- | M] () -- C:\Users\Spec\Desktop\DiRT.jpg
[2011/03/18 20:05:14 | 000,015,717 | ---- | M] () -- C:\Users\Spec\Desktop\Two.jpg
[2011/03/18 19:55:51 | 000,005,917 | ---- | M] () -- C:\Users\Spec\Desktop\Devil.jpg
[2011/03/18 19:55:18 | 000,006,854 | ---- | M] () -- C:\Users\Spec\Desktop\May.jpg
[2011/03/18 19:54:34 | 000,011,817 | ---- | M] () -- C:\Users\Spec\Desktop\Cry.jpg
[2011/03/18 19:53:45 | 000,009,392 | ---- | M] () -- C:\Users\Spec\Desktop\4.jpg
[2011/03/18 19:37:22 | 000,012,781 | ---- | M] () -- C:\Users\Spec\Desktop\N.jpg
[2011/03/18 19:35:43 | 000,015,279 | ---- | M] () -- C:\Users\Spec\Desktop\E.jpg
[2011/03/18 19:35:05 | 000,018,244 | ---- | M] () -- C:\Users\Spec\Desktop\R.jpg
[2011/03/18 19:33:47 | 000,018,627 | ---- | M] () -- C:\Users\Spec\Desktop\O.jpg
[2011/03/18 19:27:45 | 000,008,131 | ---- | M] () -- C:\Users\Spec\Desktop\Fa.jpg
[2011/03/18 19:27:14 | 000,008,250 | ---- | M] () -- C:\Users\Spec\Desktop\rC.jpg
[2011/03/18 19:26:05 | 000,008,541 | ---- | M] () -- C:\Users\Spec\Desktop\ry.jpg
[2011/03/18 19:25:29 | 000,007,792 | ---- | M] () -- C:\Users\Spec\Desktop\2.jpg
[2011/03/18 16:17:54 | 000,008,039 | ---- | M] () -- C:\Users\Spec\Desktop\P..jpg
[2011/03/18 16:17:20 | 000,008,905 | ---- | M] () -- C:\Users\Spec\Desktop\U..jpg
[2011/03/18 16:16:46 | 000,008,231 | ---- | M] () -- C:\Users\Spec\Desktop\R..jpg
[2011/03/18 16:16:08 | 000,008,597 | ---- | M] () -- C:\Users\Spec\Desktop\E..jpg
[2011/03/18 16:15:32 | 000,007,945 | ---- | M] () -- C:\Users\Spec\Desktop\..jpg
[2011/03/18 16:05:25 | 000,021,838 | ---- | M] () -- C:\Users\Spec\Desktop\T.jpg
[2011/03/18 16:04:42 | 000,020,507 | ---- | M] () -- C:\Users\Spec\Desktop\em.jpg
[2011/03/18 16:04:15 | 000,016,941 | ---- | M] () -- C:\Users\Spec\Desktop\pe.jpg
[2011/03/18 16:03:32 | 000,019,242 | ---- | M] () -- C:\Users\Spec\Desktop\st.jpg
[2011/03/18 16:01:44 | 000,022,433 | ---- | M] () -- C:\Users\Spec\Desktop\a.jpg
[2011/03/15 22:31:35 | 000,005,113 | ---- | M] () -- C:\Users\Spec\Desktop\Spectre.jpg
[2011/03/15 17:15:23 | 000,001,106 | ---- | M] () -- C:\Windows\disney.ini
[2011/03/15 17:14:41 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Pure.lnk
[2011/03/13 19:25:06 | 000,000,944 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/07 16:44:06 | 000,001,490 | ---- | M] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
[2011/03/06 16:06:53 | 000,000,680 | ---- | M] () -- C:\Users\Spec\AppData\Local\d3d9caps.dat
[2011/03/05 17:02:47 | 000,000,936 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/05 11:48:19 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/03/05 11:46:31 | 000,022,328 | ---- | M] () -- C:\Users\Spec\AppData\Roaming\PnkBstrK.sys
[2011/03/02 20:02:52 | 000,008,697 | ---- | M] () -- C:\Users\Spec\Desktop\Wolf.jpg
[2011/03/02 19:42:08 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/02/28 23:09:18 | 000,288,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/28 22:49:29 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/28 16:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/02/27 22:52:21 | 000,000,949 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 21:35:19 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/27 21:13:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/27 21:02:12 | 000,001,754 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 20:30:36 | 000,001,829 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_CPC_NJ059AA-AB4 SR5880D_YC_0Pres_QCNX914_E92APv3PrA1_49_INapa_SFOXCONN_VHP P N_B5.23_T090211_WUH1_L409_M3070_J500_7Intel_8Core2 Quad Q8200_92.33_#090404_N10DE07DC_Z_G10DE0622.MRK
[2011/02/27 20:23:01 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/02/23 23:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/23 23:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/23 22:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 21:32:19 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/03/20 13:27:38 | 000,000,215 | ---- | C] () -- C:\Users\Spec\Desktop\Monday Night Combat.url
[2011/03/20 12:51:24 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/19 21:00:23 | 000,000,000 | ---- | C] () -- C:\Users\Spec\defogger_reenable
[2011/03/18 20:08:11 | 000,018,499 | ---- | C] () -- C:\Users\Spec\Desktop\Colin.jpg
[2011/03/18 20:07:39 | 000,025,078 | ---- | C] () -- C:\Users\Spec\Desktop\Mc.jpg
[2011/03/18 20:07:07 | 000,024,538 | ---- | C] () -- C:\Users\Spec\Desktop\Rae.jpg
[2011/03/18 20:06:32 | 000,027,811 | ---- | C] () -- C:\Users\Spec\Desktop\DiRT.jpg
[2011/03/18 20:05:14 | 000,015,717 | ---- | C] () -- C:\Users\Spec\Desktop\Two.jpg
[2011/03/18 19:55:51 | 000,005,917 | ---- | C] () -- C:\Users\Spec\Desktop\Devil.jpg
[2011/03/18 19:55:18 | 000,006,854 | ---- | C] () -- C:\Users\Spec\Desktop\May.jpg
[2011/03/18 19:54:34 | 000,011,817 | ---- | C] () -- C:\Users\Spec\Desktop\Cry.jpg
[2011/03/18 19:53:45 | 000,009,392 | ---- | C] () -- C:\Users\Spec\Desktop\4.jpg
[2011/03/18 19:37:22 | 000,012,781 | ---- | C] () -- C:\Users\Spec\Desktop\N.jpg
[2011/03/18 19:35:43 | 000,015,279 | ---- | C] () -- C:\Users\Spec\Desktop\E.jpg
[2011/03/18 19:35:05 | 000,018,244 | ---- | C] () -- C:\Users\Spec\Desktop\R.jpg
[2011/03/18 19:33:47 | 000,018,627 | ---- | C] () -- C:\Users\Spec\Desktop\O.jpg
[2011/03/18 19:27:45 | 000,008,131 | ---- | C] () -- C:\Users\Spec\Desktop\Fa.jpg
[2011/03/18 19:27:14 | 000,008,250 | ---- | C] () -- C:\Users\Spec\Desktop\rC.jpg
[2011/03/18 19:26:05 | 000,008,541 | ---- | C] () -- C:\Users\Spec\Desktop\ry.jpg
[2011/03/18 19:25:28 | 000,007,792 | ---- | C] () -- C:\Users\Spec\Desktop\2.jpg
[2011/03/18 16:17:54 | 000,008,039 | ---- | C] () -- C:\Users\Spec\Desktop\P..jpg
[2011/03/18 16:17:20 | 000,008,905 | ---- | C] () -- C:\Users\Spec\Desktop\U..jpg
[2011/03/18 16:16:46 | 000,008,231 | ---- | C] () -- C:\Users\Spec\Desktop\R..jpg
[2011/03/18 16:16:08 | 000,008,597 | ---- | C] () -- C:\Users\Spec\Desktop\E..jpg
[2011/03/18 16:15:32 | 000,007,945 | ---- | C] () -- C:\Users\Spec\Desktop\..jpg
[2011/03/18 16:05:25 | 000,021,838 | ---- | C] () -- C:\Users\Spec\Desktop\T.jpg
[2011/03/18 16:04:42 | 000,020,507 | ---- | C] () -- C:\Users\Spec\Desktop\em.jpg
[2011/03/18 16:04:14 | 000,016,941 | ---- | C] () -- C:\Users\Spec\Desktop\pe.jpg
[2011/03/18 16:03:31 | 000,019,242 | ---- | C] () -- C:\Users\Spec\Desktop\st.jpg
[2011/03/18 16:01:44 | 000,022,433 | ---- | C] () -- C:\Users\Spec\Desktop\a.jpg
[2011/03/15 22:31:35 | 000,005,113 | ---- | C] () -- C:\Users\Spec\Desktop\Spectre.jpg
[2011/03/15 17:14:41 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Pure.lnk
[2011/03/15 17:04:28 | 000,001,106 | ---- | C] () -- C:\Windows\disney.ini
[2011/03/13 19:25:06 | 000,000,944 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/13 13:19:26 | 3219,283,968 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/07 16:44:06 | 000,001,490 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
[2011/03/05 17:02:47 | 000,000,936 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/05 11:16:44 | 000,022,328 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\PnkBstrK.sys
[2011/03/02 20:02:52 | 000,008,697 | ---- | C] () -- C:\Users\Spec\Desktop\Wolf.jpg
[2011/03/02 19:42:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/02 15:53:19 | 000,000,680 | ---- | C] () -- C:\Users\Spec\AppData\Local\d3d9caps.dat
[2011/02/28 17:08:43 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/02/28 16:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/02/27 23:45:47 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/02/27 23:45:46 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/02/27 23:45:43 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/02/27 23:45:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/27 23:45:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/27 23:45:40 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/02/27 23:45:38 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/02/27 23:45:31 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/02/27 23:45:30 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/02/27 23:45:12 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/02/27 22:13:53 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/02/27 21:55:29 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/27 21:55:29 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/27 21:55:29 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/27 21:53:05 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/02/27 21:23:09 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/27 21:21:43 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/02/27 21:02:12 | 000,001,754 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 20:55:05 | 000,000,949 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 20:40:46 | 000,000,955 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/27 20:40:45 | 000,000,950 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/27 20:40:38 | 000,000,921 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/02/27 20:30:29 | 000,001,829 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_CPC_NJ059AA-AB4 SR5880D_YC_0Pres_QCNX914_E92APv3PrA1_49_INapa_SFOXCONN_VHP P N_B5.23_T090211_WUH1_L409_M3070_J500_7Intel_8Core2 Quad Q8200_92.33_#090404_N10DE07DC_Z_G10DE0622.MRK
[2011/02/27 20:30:21 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.com.sg.lnk
[2011/02/27 20:29:57 | 000,000,258 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/27 20:29:57 | 000,000,240 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/02/20 07:40:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/19 16:45:00 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/19 16:19:31 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/19 16:03:05 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/02/19 16:03:05 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:44:53 | 000,288,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 18:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/15 17:16:23 | 000,000,000 | ---D | M] -- C:\Users\Spec\AppData\Roaming\Disney Interactive Studios
[2011/03/21 20:28:07 | 000,000,000 | ---D | M] -- C:\Users\Spec\AppData\Roaming\Gearbox Software
[2011/03/15 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Spec\AppData\Roaming\Leadertech
[2011/02/27 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Spec\AppData\Roaming\PowerCinema
[2011/02/27 21:35:19 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/03/22 23:32:25 | 000,026,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< c:\users\spec\appdata\local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C}\*.* >

< c:\users\spec\appdata\local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907}\*.* >

< c:\users\spec\appdata\local\{252F72BB-CE20-4836-852F-D99BFD9BC759}\*.* >

< c:\users\spec\appdata\local\{F315C005-195B-43F6-B781-FAEF735AC76B}\*.* >

< c:\users\spec\appdata\local\{F50AEE14-96F0-4302-8234-5B4AEB24ACAB}\*.* >

< c:\users\spec\appdata\local\{4CCD769A-B865-4656-9BF1-7C82C133FE08}\*.* >

< c:\users\spec\appdata\local\{0A401872-7230-4B5E-8BFC-ABFDF5E723B4}\*.* >

< c:\users\spec\appdata\local\{ACCC905F-75B7-42EE-9F91-B417740778D0}\*.* >

< c:\users\spec\appdata\local\{675EDF1A-F0E6-4FC2-925F-9F199AE89AF7}\*.* >

< c:\users\spec\appdata\local\{83F9CBD5-9A71-4274-B3F4-EBD39FB3A1AC}\*.* >

< c:\users\spec\appdata\local\{8E228ADB-7B9A-46A5-87E0-70658A2E22C2}\*.* >

< c:\users\spec\appdata\local\{C9D8CDD7-0B43-4054-80E5-58349C541D7D}\*.* >

< c:\users\spec\appdata\local\{799395CD-0591-4461-8CB2-4CD5C7E1A873}\*.* >

< c:\users\spec\appdata\local\{F02DAA4E-63BE-4B7E-B770-CE02A2AC4852}\*.* >

< c:\users\spec\appdata\local\{4F3BDCC8-5A20-4451-905E-F1B7D3636AEE}\*.* >

< c:\users\spec\appdata\local\{6120398B-0C4C-4A0A-A12C-F0E7185C02CA}\*.* >

< c:\users\spec\appdata\local\{68B918EA-B9E3-4CEA-82A1-9D5E36702980}\*.* >

< c:\users\spec\appdata\local\{D2B15660-58C0-4A78-83E7-5F10A40A08B1}\*.* >

< c:\users\spec\appdata\local\{E85C6DAA-CE8E-4F8B-858B-CFE3F8DE5A49}\*.* >

< c:\users\spec\appdata\local\{8382D191-8EC6-4785-B89A-B8CEFF427364}\*.* >

< c:\users\spec\appdata\local\{9B462398-9F3F-41BD-A43E-A52BA94C3AD6}\*.* >

< c:\users\spec\appdata\local\{45BDB583-3236-4AE1-BDB1-3EA262BEE3E4}\*.* >

< c:\users\spec\appdata\local\{24DDCDC8-AE68-4CD8-B5D1-38CFF4915062}\*.* >

< c:\users\spec\appdata\local\{E1EEF74C-9EF9-47E3-A7E1-D00A7167B709}\*.* >

< c:\users\spec\appdata\local\{E33631C2-D1CC-4E4E-BBD3-DF83DFB4C06A}\*.* >

< c:\users\spec\appdata\local\{066EC6D4-1A44-41DC-BE60-F67711BFC45D}\*.* >

< c:\users\spec\appdata\local\{972ED6F3-33C9-40FD-8F48-461E27118A18}\*.* >

< c:\users\spec\appdata\local\{5410B190-52FB-40B8-BF76-2911429D04C9}\*.* >

< c:\users\spec\appdata\local\{CA4110DF-38C3-44AC-AA4E-401D16649539}\*.* >

< c:\users\spec\appdata\local\{5B7F1BA8-E3EF-430B-9CE0-93C46F00DC20}\*.* >

< c:\users\spec\appdata\local\{7A489F53-5DDB-46C4-B10D-28D51B77E8E5}\*.* >

< End of report >

#7 tarkovsky

Posted 23 March 2011 - 03:30 AM

OTL Extras logfile created on: 23/3/2011 4:21:11 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Spec\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.01 Gb Total Space | 385.66 Gb Free Space | 84.76% Space Free | Partition Type: NTFS
Drive D: | 10.75 Gb Total Space | 2.84 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive E: | 2.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SPEC-PC | User Name: Spec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26004814-4D6D-47FB-9230-A194102C093A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{629CF704-B6AD-43AA-88A8-F12F950FE304}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C9723F-24E3-4220-9A59-AD90441EF135}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{04150EB2-CDA7-4F60-9138-74346D7657B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{1D79E327-25A0-4B1E-AD36-F5B323FC7AC5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{28E4FAC3-F612-4CAA-8570-901E030B507E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2D88153A-A7B0-4A48-9645-7E6DC9A5DFCF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{2E1B2081-1ED9-49E4-9E6C-523813A7E61A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{3DE6AD7B-6D84-4C90-8F7B-30035D88362E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{434CD520-41F3-48C9-BCD5-00EF23544004}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F806F2E-4B19-48A5-BCE5-8793CE3A1734}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{71167226-E697-4DDC-8EAF-99E94B7C3BC7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{7AC4E175-C5B6-4734-8119-CA4BEC33922B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{7F6B2413-A283-4941-ABD7-AD64187EE24E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{8E63FE3C-0D58-4EDC-A93D-1E001744D710}" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt2\dirt2_game.exe |
"{985BA7F0-E99A-462A-9EBA-C766F8534B85}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9ED8B1D9-FB13-4F2D-8950-023E8F6B031D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{A9708760-E681-4548-8BAE-1149A6121946}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B8A73919-9B09-4D48-A627-D72BCE63D6DE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BB1D330D-72F3-41AD-9959-FD834D1F6339}" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt2\dirt2_game.exe |
"{C6428DAA-E2A0-443A-95E2-C137328AD9CF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{D269F7A1-17E7-4DAB-92AC-BAACBB992D88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8BCBF7C-3D44-4897-ABAC-19B936C818D4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E8D1E7EE-84BF-4812-BBA0-2C4393628551}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F3AC1790-8EAD-442C-8056-DA1F33C3C33D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{F5666691-90A2-4934-A441-6D9E332046E2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software 1.14.32.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"BrothersInArms" = Brothers In Arms
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"pywin32-py2.6" = Python 2.6 pywin32-212
"Shattered Galaxy" = Shattered Galaxy
"Steam App 63200" = Monday Night Combat
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/3/2011 10:35:41 PM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/3/2011 5:04:28 AM | Computer Name = Spec-PC | Source = Application Error | ID = 1000
Description = Faulting application _is8AC8.exe, version 12.0.0.58849, time stamp
0x45b1a378, faulting module ISSetup.dll, version 12.0.0.58851, time stamp 0x45e5fb47,
exception code 0xc0000005, fault offset 0x0009522f, process id 0x1690, application
start time 0x01cbe2eff4576ffb.

Error - 15/3/2011 11:39:42 AM | Computer Name = Spec-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 15.4.3508.1109, time stamp
0x4cda7240, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x00066579, process id 0xb44, application
start time 0x01cbe2b9b298330b.

Error - 15/3/2011 11:39:48 AM | Computer Name = Spec-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 15.4.3508.1109, time stamp
0x4cda7240, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc0000005, fault offset 0x000664c8, process id 0xb44, application
start time 0x01cbe2b9b298330b.

Error - 15/3/2011 8:40:59 PM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/3/2011 6:34:06 AM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 16/3/2011 10:19:44 AM | Computer Name = Spec-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\SPEC\APPDATA\ROAMING\SECUROM\USERDATA> in the
hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)

Error - 16/3/2011 11:30:12 PM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/3/2011 11:39:31 PM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/3/2011 12:18:11 AM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14/3/2011 12:06:34 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/3/2011 12:06:34 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14/3/2011 10:35:42 PM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 14/3/2011 10:35:42 PM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/3/2011 10:35:42 PM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15/3/2011 8:40:59 PM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 15/3/2011 8:40:59 PM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/3/2011 8:40:59 PM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16/3/2011 6:34:06 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16/3/2011 6:34:06 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 23 March 2011 - 05:31 PM

Hello, tarkovsky.

Avast is likely noting that it's looking at your system configuration. If you're using one of those links I provided for OTL, it is safe.

Please let it run normally and not in Avast's sandbox for this step.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL Script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
    O4 - HKU\S-1-5-21-1584598523-393161003-2119424171-1000..\Run: [HPAdvisor] File not found
    O13 - gopher Prefix: missing
    :files
    c:\users\spec\appdata\local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C}\
    c:\users\spec\appdata\local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907}\
    c:\users\spec\appdata\local\{252F72BB-CE20-4836-852F-D99BFD9BC759}\
    c:\users\spec\appdata\local\{F315C005-195B-43F6-B781-FAEF735AC76B}\
    c:\users\spec\appdata\local\{F50AEE14-96F0-4302-8234-5B4AEB24ACAB}\
    c:\users\spec\appdata\local\{4CCD769A-B865-4656-9BF1-7C82C133FE08}\
    c:\users\spec\appdata\local\{0A401872-7230-4B5E-8BFC-ABFDF5E723B4}\
    c:\users\spec\appdata\local\{ACCC905F-75B7-42EE-9F91-B417740778D0}\
    c:\users\spec\appdata\local\{675EDF1A-F0E6-4FC2-925F-9F199AE89AF7}\
    c:\users\spec\appdata\local\{83F9CBD5-9A71-4274-B3F4-EBD39FB3A1AC}\
    c:\users\spec\appdata\local\{8E228ADB-7B9A-46A5-87E0-70658A2E22C2}\
    c:\users\spec\appdata\local\{C9D8CDD7-0B43-4054-80E5-58349C541D7D}\
    c:\users\spec\appdata\local\{799395CD-0591-4461-8CB2-4CD5C7E1A873}\
    c:\users\spec\appdata\local\{F02DAA4E-63BE-4B7E-B770-CE02A2AC4852}\
    c:\users\spec\appdata\local\{4F3BDCC8-5A20-4451-905E-F1B7D3636AEE}\
    c:\users\spec\appdata\local\{6120398B-0C4C-4A0A-A12C-F0E7185C02CA}\
    c:\users\spec\appdata\local\{68B918EA-B9E3-4CEA-82A1-9D5E36702980}\
    c:\users\spec\appdata\local\{D2B15660-58C0-4A78-83E7-5F10A40A08B1}\
    c:\users\spec\appdata\local\{E85C6DAA-CE8E-4F8B-858B-CFE3F8DE5A49}\
    c:\users\spec\appdata\local\{8382D191-8EC6-4785-B89A-B8CEFF427364}\
    c:\users\spec\appdata\local\{9B462398-9F3F-41BD-A43E-A52BA94C3AD6}\
    c:\users\spec\appdata\local\{45BDB583-3236-4AE1-BDB1-3EA262BEE3E4}\
    c:\users\spec\appdata\local\{24DDCDC8-AE68-4CD8-B5D1-38CFF4915062}\
    c:\users\spec\appdata\local\{E1EEF74C-9EF9-47E3-A7E1-D00A7167B709}\
    c:\users\spec\appdata\local\{E33631C2-D1CC-4E4E-BBD3-DF83DFB4C06A}\
    c:\users\spec\appdata\local\{066EC6D4-1A44-41DC-BE60-F67711BFC45D}\
    c:\users\spec\appdata\local\{972ED6F3-33C9-40FD-8F48-461E27118A18}\
    c:\users\spec\appdata\local\{5410B190-52FB-40B8-BF76-2911429D04C9}\
    c:\users\spec\appdata\local\{CA4110DF-38C3-44AC-AA4E-401D16649539}\
    c:\users\spec\appdata\local\{5B7F1BA8-E3EF-430B-9CE0-93C46F00DC20}\
    c:\users\spec\appdata\local\{7A489F53-5DDB-46C4-B10D-28D51B77E8E5}\
    :Commands
    [EmptyTemp]
    
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 tarkovsky

tarkovsky
  • Topic Starter

  • Members
  • 66 posts

Posted 24 March 2011 - 04:18 AM

All processes killed
========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
Registry value HKEY_USERS\S-1-5-21-1584598523-393161003-2119424171-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisor deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
========== FILES ==========
c:\users\spec\appdata\local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C} folder moved successfully.
c:\users\spec\appdata\local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907} folder moved successfully.
c:\users\spec\appdata\local\{252F72BB-CE20-4836-852F-D99BFD9BC759} folder moved successfully.
c:\users\spec\appdata\local\{F315C005-195B-43F6-B781-FAEF735AC76B} folder moved successfully.
c:\users\spec\appdata\local\{F50AEE14-96F0-4302-8234-5B4AEB24ACAB} folder moved successfully.
c:\users\spec\appdata\local\{4CCD769A-B865-4656-9BF1-7C82C133FE08} folder moved successfully.
c:\users\spec\appdata\local\{0A401872-7230-4B5E-8BFC-ABFDF5E723B4} folder moved successfully.
c:\users\spec\appdata\local\{ACCC905F-75B7-42EE-9F91-B417740778D0} folder moved successfully.
c:\users\spec\appdata\local\{675EDF1A-F0E6-4FC2-925F-9F199AE89AF7} folder moved successfully.
c:\users\spec\appdata\local\{83F9CBD5-9A71-4274-B3F4-EBD39FB3A1AC} folder moved successfully.
c:\users\spec\appdata\local\{8E228ADB-7B9A-46A5-87E0-70658A2E22C2} folder moved successfully.
c:\users\spec\appdata\local\{C9D8CDD7-0B43-4054-80E5-58349C541D7D} folder moved successfully.
c:\users\spec\appdata\local\{799395CD-0591-4461-8CB2-4CD5C7E1A873} folder moved successfully.
c:\users\spec\appdata\local\{F02DAA4E-63BE-4B7E-B770-CE02A2AC4852} folder moved successfully.
c:\users\spec\appdata\local\{4F3BDCC8-5A20-4451-905E-F1B7D3636AEE} folder moved successfully.
c:\users\spec\appdata\local\{6120398B-0C4C-4A0A-A12C-F0E7185C02CA} folder moved successfully.
c:\users\spec\appdata\local\{68B918EA-B9E3-4CEA-82A1-9D5E36702980} folder moved successfully.
c:\users\spec\appdata\local\{D2B15660-58C0-4A78-83E7-5F10A40A08B1} folder moved successfully.
c:\users\spec\appdata\local\{E85C6DAA-CE8E-4F8B-858B-CFE3F8DE5A49} folder moved successfully.
c:\users\spec\appdata\local\{8382D191-8EC6-4785-B89A-B8CEFF427364} folder moved successfully.
c:\users\spec\appdata\local\{9B462398-9F3F-41BD-A43E-A52BA94C3AD6} folder moved successfully.
c:\users\spec\appdata\local\{45BDB583-3236-4AE1-BDB1-3EA262BEE3E4} folder moved successfully.
c:\users\spec\appdata\local\{24DDCDC8-AE68-4CD8-B5D1-38CFF4915062} folder moved successfully.
c:\users\spec\appdata\local\{E1EEF74C-9EF9-47E3-A7E1-D00A7167B709} folder moved successfully.
c:\users\spec\appdata\local\{E33631C2-D1CC-4E4E-BBD3-DF83DFB4C06A} folder moved successfully.
c:\users\spec\appdata\local\{066EC6D4-1A44-41DC-BE60-F67711BFC45D} folder moved successfully.
c:\users\spec\appdata\local\{972ED6F3-33C9-40FD-8F48-461E27118A18} folder moved successfully.
c:\users\spec\appdata\local\{5410B190-52FB-40B8-BF76-2911429D04C9} folder moved successfully.
c:\users\spec\appdata\local\{CA4110DF-38C3-44AC-AA4E-401D16649539} folder moved successfully.
c:\users\spec\appdata\local\{5B7F1BA8-E3EF-430B-9CE0-93C46F00DC20} folder moved successfully.
c:\users\spec\appdata\local\{7A489F53-5DDB-46C4-B10D-28D51B77E8E5} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Spec
->Temp folder emptied: 443517699 bytes
->Temporary Internet Files folder emptied: 32894188 bytes
->FireFox cache emptied: 120226635 bytes
->Flash cache emptied: 9110 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19759098 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 590.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03242011_165804

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Haha. What happened to my local folders? Windows also installed updates while restarting

Edited by tarkovsky, 24 March 2011 - 04:33 AM.
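
Cross-checking a fix script like the one in post #8 against the resulting fix log and a later OTL scan, as an added example that is not part of the thread and not OldTimer's code. The function names are hypothetical, the parser assumes only the line shapes visible in this thread, and the sample text is trimmed from the thread with one result line left out on purpose.

```python
import re

# Line shapes as they appear in this thread's OTL output (assumed stable).
GUID_NAME = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")
MOVED = re.compile(r"^(?P<path>.+) folder moved successfully\.$")
PENDING = re.compile(
    r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
# "[date | size | attrs | C] -- path": attrs ending in D marks a directory.
CREATED_DIR = re.compile(
    r"^\[[^|\]]+\|[^|]+\| [\w-]{3}D \| C\] -- (?P<path>.+)$")


def norm(path):
    """Case-fold and drop the trailing backslash so script and log compare."""
    return path.strip().rstrip("\\").lower()


def fix_targets(script):
    """Paths listed under the :files section of a fix script."""
    targets, in_files = [], False
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):          # section header such as :OTL, :files
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(norm(line))
    return targets


def audit_fix(script, fix_log):
    """Report which :files targets the fix log confirms and which it does not."""
    targets = fix_targets(script)
    moved, pending = set(), set()
    for line in (raw.strip() for raw in fix_log.splitlines()):
        if m := MOVED.match(line):
            moved.add(norm(m["path"]))
        elif m := PENDING.match(line):
            pending.add(norm(m["path"]))
    return {
        "moved": [t for t in targets if t in moved],
        "unaccounted": [t for t in targets
                        if t not in moved and t not in pending],
        "pending_reboot": sorted(pending),
    }


def remaining_guid_dirs(script, scan_log):
    """GUID-named folders directly under AppData\\Local in a later scan that
    the fix script did not list, i.e. candidates for a follow-up look."""
    handled = set(fix_targets(script))
    found = []
    for line in (raw.strip() for raw in scan_log.splitlines()):
        m = CREATED_DIR.match(line)
        if not m:
            continue
        path = norm(m["path"])
        parent, _, leaf = path.rpartition("\\")
        if (parent.endswith("\\appdata\\local")
                and GUID_NAME.fullmatch(leaf) and path not in handled):
            found.append(path)
    return found


# Sample input trimmed from the thread; the "moved" line for the third
# folder is deliberately omitted so the unaccounted branch is exercised.
SAMPLE_SCRIPT = r"""
:OTL
O13 - gopher Prefix: missing
:files
c:\users\spec\appdata\local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C}\
c:\users\spec\appdata\local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907}\
c:\users\spec\appdata\local\{252F72BB-CE20-4836-852F-D99BFD9BC759}\
:Commands
[EmptyTemp]
"""

SAMPLE_FIX_LOG = r"""
========== FILES ==========
c:\users\spec\appdata\local\{014B58E5-A8A2-43C9-8E7F-AD699F96FA2C} folder moved successfully.
c:\users\spec\appdata\local\{4D3B4269-9CFE-412F-B3A6-A852B0CD2907} folder moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

SAMPLE_SCAN = r"""
[2011/03/24 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{C3396A20-B728-4C51-B5D3-9A939EEC01F0}
[2011/03/23 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Microsoft Games
[2011/03/23 21:17:19 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
"""

if __name__ == "__main__":
    report = audit_fix(SAMPLE_SCRIPT, SAMPLE_FIX_LOG)
    for key, paths in report.items():
        print(key, *paths, sep="\n  ")
    print("not in fix script",
          *remaining_guid_dirs(SAMPLE_SCRIPT, SAMPLE_SCAN), sep="\n  ")
```

A folder reported by `remaining_guid_dirs` is only a name-pattern match; what created it still has to be established before it is added to another fix.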


#10 tarkovsky

tarkovsky
  • Topic Starter

  • Members
  • 66 posts

Posted 24 March 2011 - 04:30 AM

OTL logfile created on: 24/3/2011 5:21:49 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Spec\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.01 Gb Total Space | 386.08 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
Drive D: | 10.75 Gb Total Space | 2.84 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive E: | 2.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SPEC-PC | User Name: Spec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/24 16:43:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/23 16:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
PRC - [2011/03/20 12:53:55 | 000,407,336 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/03/20 12:53:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011/02/23 23:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/01/17 23:30:16 | 002,548,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/01/07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/23 16:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
MOD - [2011/02/23 23:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/20 12:53:55 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/23 23:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/01/21 10:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 22:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/08 11:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/01/06 17:36:48 | 000,080,064 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/01/06 17:36:46 | 000,236,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/01/06 17:36:46 | 000,034,744 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/07 01:49:22 | 000,022,896 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 17:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/02/27 01:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=92&bd=Presario&pf=cndt
IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1584598523-393161003-2119424171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.furaffinity.net/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/02/27 21:13:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 16:43:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 16:43:03 | 000,000,000 | ---D | M]

[2011/02/27 21:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spec\AppData\Roaming\Mozilla\Extensions
[2011/03/23 18:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spec\AppData\Roaming\Mozilla\Firefox\Profiles\g2qla42o.default\extensions
[2011/03/11 14:39:36 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Spec\AppData\Roaming\Mozilla\Firefox\Profiles\g2qla42o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/11 22:48:11 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Spec\AppData\Roaming\Mozilla\Firefox\Profiles\g2qla42o.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/03/07 19:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/27 21:13:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/02/27 23:07:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/09 20:33:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/09 20:33:29 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/09 20:33:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/09 20:33:29 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1584598523-393161003-2119424171-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\Support\Register\RegistrationReminder.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Spec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Spec\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/01/31 22:40:26 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7ef17d05-426b-11e0-8d6b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ef17d05-426b-11e0-8d6b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2007/01/31 22:40:26 | 000,032,768 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 16:58:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/24 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{C3396A20-B728-4C51-B5D3-9A939EEC01F0}
[2011/03/23 21:17:19 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 21:17:19 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/23 16:17:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
[2011/03/23 15:57:12 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{6754854A-E914-4A44-9556-26FA55BAD962}
[2011/03/23 15:54:53 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Microsoft Games
[2011/03/23 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{0A7B622E-E600-4052-A5C4-77DD591830A3}
[2011/03/22 23:10:02 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{755707EC-6452-41C5-8FB2-5C62377782EB}
[2011/03/22 18:17:15 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{D62497AF-C758-4441-B5CD-827AD0585351}
[2011/03/21 21:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/03/21 21:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/03/21 21:32:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/03/21 20:28:07 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Gearbox Software
[2011/03/21 17:09:08 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{DD38F487-D190-4248-849C-765190DC7299}
[2011/03/20 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\NVIDIA
[2011/03/20 15:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011/03/20 15:24:01 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/03/20 15:24:01 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/03/20 15:24:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/03/20 15:24:01 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/03/20 15:24:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/03/20 15:24:01 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/03/20 13:27:38 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/03/20 12:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/03/20 12:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/03/20 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/03/20 12:23:59 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{63C9B0E8-5666-4BDD-BB8E-2DC89271B065}
[2011/03/20 00:22:45 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\{2079C55B-A088-41F4-BBE0-0B3C16ED35EC}
[2011/03/18 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\Spec\Desktop\Abyss
[2011/03/17 20:04:34 | 000,000,000 | ---D | C] -- C:\Users\Spec\Documents\My Received Files
[2011/03/15 17:16:23 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Disney Interactive Studios
[2011/03/15 17:15:14 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Leadertech
[2011/03/15 17:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive Studios
[2011/03/15 17:06:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/03/15 17:06:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/03/15 17:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Interactive Studios
[2011/03/15 17:06:06 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/03/15 12:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/15 12:02:33 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/15 10:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/15 10:45:05 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Secunia PSI
[2011/03/15 10:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/03/13 19:22:36 | 000,000,000 | ---D | C] -- C:\Users\Spec\Desktop\Music
[2011/03/13 12:06:55 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/13 12:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/13 12:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/13 12:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/09 17:02:46 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 17:02:46 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 17:02:46 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 17:02:46 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/07 16:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2011/03/07 16:38:09 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\InstallShield
[2011/03/06 20:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/03/06 20:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/06 20:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/03/05 19:59:20 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
[2011/03/05 19:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shattered Galaxy
[2011/03/05 19:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\KRU
[2011/03/05 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Malwarebytes
[2011/03/05 17:02:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/05 17:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/05 17:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/05 17:02:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/05 17:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/05 11:48:19 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/03/05 11:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/03/05 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/03/02 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\skypePM
[2011/03/02 19:40:47 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Skype
[2011/03/02 19:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/03/02 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\Spec\Documents\Games for Windows - LIVE Demos
[2011/03/02 15:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/03/01 16:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/03/01 16:15:58 | 000,000,000 | ---D | C] -- C:\Users\Spec\Documents\My Games
[2011/03/01 16:15:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/02/28 22:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011/02/28 22:49:56 | 003,485,696 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_p4.dll
[2011/02/28 22:49:56 | 002,793,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_p3.dll
[2011/02/28 22:49:56 | 000,839,680 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_vml_p4.dll
[2011/02/28 22:49:56 | 000,532,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_vml_p3.dll
[2011/02/28 22:49:56 | 000,512,000 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_vml_def.dll
[2011/02/28 22:49:55 | 002,441,216 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_def.dll
[2011/02/28 22:49:55 | 002,174,976 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_lapack32.dll
[2011/02/28 22:49:55 | 002,125,824 | ---- | C] (Intel Corporation) -- C:\Windows\System32\mkl_lapack64.dll
[2011/02/28 22:49:55 | 000,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011/02/28 22:49:55 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libguide40.dll
[2011/02/28 22:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2011/02/28 22:49:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011/02/28 22:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/02/28 22:49:29 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/02/28 22:49:29 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/28 22:49:29 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/02/28 22:49:29 | 000,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/02/28 22:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/02/28 22:49:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/02/28 22:49:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/02/28 22:49:27 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/02/28 22:49:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/02/28 22:49:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/02/28 22:49:27 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/02/28 22:49:26 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/02/28 22:49:26 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/02/28 22:49:26 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/02/28 22:49:26 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/02/28 22:49:26 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/02/28 22:49:26 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/02/28 22:49:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/02/28 22:49:26 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/02/28 22:49:26 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/02/28 22:49:26 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/02/28 22:49:26 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/02/28 22:49:26 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/02/28 22:49:26 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/02/28 22:49:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/02/28 22:49:25 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/02/28 22:49:25 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/02/28 22:49:25 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/02/28 22:49:25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/02/28 22:49:25 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/02/28 22:49:25 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/02/28 22:49:25 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/02/28 22:49:24 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/02/28 22:49:24 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/02/28 22:49:24 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/02/28 22:49:24 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/02/28 22:49:24 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/02/28 22:49:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/02/28 22:49:24 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/02/28 22:49:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/02/28 22:49:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/02/28 22:49:23 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/02/28 22:49:23 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/02/28 22:49:23 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/02/28 22:49:23 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/02/28 22:49:23 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/02/28 22:49:23 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/02/28 22:49:23 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/02/28 22:49:23 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/02/28 22:49:23 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/02/28 22:49:23 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/02/28 22:49:22 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/02/28 22:49:22 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/02/28 22:49:22 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/02/28 22:49:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/02/28 22:49:22 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/02/28 22:49:22 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/02/28 22:49:22 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/02/28 22:49:22 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/02/28 22:49:22 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/02/28 22:49:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/02/28 22:49:21 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/02/28 22:49:21 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/02/28 22:49:21 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/02/28 22:49:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/02/28 22:49:21 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/02/28 22:49:21 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/02/28 22:49:21 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/02/28 22:49:18 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/02/28 22:49:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/02/28 22:49:18 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/02/28 22:49:18 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/02/28 22:49:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/02/28 22:49:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/02/28 22:49:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/02/28 22:49:17 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/02/28 22:49:17 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/02/28 22:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2011/02/28 17:15:15 | 000,000,000 | ---D | C] -- C:\Users\Spec\Tracing
[2011/02/28 17:05:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/28 17:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/02/28 17:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/02/28 17:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/28 17:02:21 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Windows Live
[2011/02/28 17:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/02/28 16:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/02/28 16:48:34 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/02/28 16:48:33 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/02/28 16:48:33 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/02/28 16:48:16 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/02/28 16:48:15 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/02/28 16:48:15 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/02/28 16:48:15 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/02/28 16:48:15 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/02/28 16:48:14 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/02/28 16:47:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/02/28 16:47:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/02/28 16:47:57 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/02/28 16:47:56 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/02/28 16:47:56 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/02/28 16:47:56 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/02/28 16:47:56 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/02/28 16:47:56 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/02/28 16:47:55 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/02/28 16:47:25 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/02/28 16:47:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/02/28 16:46:43 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/28 16:46:43 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/28 16:46:43 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/28 16:46:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/28 16:46:42 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/28 16:46:42 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/28 16:46:42 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/28 16:46:42 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/28 16:46:42 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/28 16:46:42 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/28 16:46:41 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/28 16:46:41 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/28 16:46:41 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/28 16:46:41 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/28 16:46:41 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/28 16:46:41 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/28 16:46:41 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/28 16:46:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/28 16:46:40 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/28 16:46:40 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/28 16:46:39 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/28 16:46:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/28 16:44:47 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/02/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/02/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/02/27 23:55:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/02/27 23:46:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/02/27 23:46:03 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/02/27 23:46:02 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011/02/27 23:46:01 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011/02/27 23:46:00 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/02/27 23:46:00 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011/02/27 23:45:59 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/02/27 23:45:58 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/02/27 23:45:58 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011/02/27 23:45:57 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011/02/27 23:45:57 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/02/27 23:45:56 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/02/27 23:45:55 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011/02/27 23:45:55 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/02/27 23:45:55 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011/02/27 23:45:54 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011/02/27 23:45:54 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/02/27 23:45:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/02/27 23:45:53 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/02/27 23:45:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/02/27 23:45:52 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/02/27 23:45:52 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/02/27 23:45:52 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/02/27 23:45:52 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/02/27 23:45:52 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/02/27 23:45:51 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/02/27 23:45:51 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011/02/27 23:45:51 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011/02/27 23:45:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011/02/27 23:45:51 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011/02/27 23:45:50 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011/02/27 23:45:50 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011/02/27 23:45:49 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011/02/27 23:45:49 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/02/27 23:45:49 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011/02/27 23:45:48 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/02/27 23:45:48 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/02/27 23:45:48 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/02/27 23:45:48 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/02/27 23:45:48 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011/02/27 23:45:48 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/02/27 23:45:48 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011/02/27 23:45:47 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/02/27 23:45:47 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011/02/27 23:45:47 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011/02/27 23:45:47 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011/02/27 23:45:46 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011/02/27 23:45:46 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/02/27 23:45:46 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/02/27 23:45:46 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011/02/27 23:45:46 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/02/27 23:45:45 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/02/27 23:45:45 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011/02/27 23:45:45 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/02/27 23:45:45 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011/02/27 23:45:45 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011/02/27 23:45:45 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/02/27 23:45:44 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/02/27 23:45:44 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011/02/27 23:45:44 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011/02/27 23:45:44 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011/02/27 23:45:44 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011/02/27 23:45:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/02/27 23:45:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011/02/27 23:45:43 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/02/27 23:45:43 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011/02/27 23:45:43 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/02/27 23:45:43 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011/02/27 23:45:43 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/02/27 23:45:43 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/02/27 23:45:43 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/02/27 23:45:42 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/02/27 23:45:42 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011/02/27 23:45:42 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011/02/27 23:45:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/27 23:45:41 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/02/27 23:45:41 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/02/27 23:45:41 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011/02/27 23:45:41 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011/02/27 23:45:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011/02/27 23:45:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011/02/27 23:45:40 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/02/27 23:45:40 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011/02/27 23:45:40 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011/02/27 23:45:40 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/02/27 23:45:40 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011/02/27 23:45:39 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011/02/27 23:45:39 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011/02/27 23:45:39 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011/02/27 23:45:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011/02/27 23:45:38 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/02/27 23:45:38 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/02/27 23:45:38 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011/02/27 23:45:38 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/02/27 23:45:38 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/02/27 23:45:37 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/02/27 23:45:37 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/02/27 23:45:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011/02/27 23:45:36 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/02/27 23:45:36 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/02/27 23:45:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/02/27 23:45:36 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011/02/27 23:45:35 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011/02/27 23:45:35 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011/02/27 23:45:35 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/02/27 23:45:35 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011/02/27 23:45:35 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011/02/27 23:45:35 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/02/27 23:45:35 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011/02/27 23:45:35 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011/02/27 23:45:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011/02/27 23:45:34 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/02/27 23:45:34 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/02/27 23:45:34 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011/02/27 23:45:34 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011/02/27 23:45:34 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011/02/27 23:45:34 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011/02/27 23:45:34 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011/02/27 23:45:34 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011/02/27 23:45:34 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011/02/27 23:45:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/02/27 23:45:33 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/02/27 23:45:33 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011/02/27 23:45:33 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/02/27 23:45:33 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/02/27 23:45:33 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/02/27 23:45:33 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/02/27 23:45:33 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011/02/27 23:45:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/02/27 23:45:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/02/27 23:45:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011/02/27 23:45:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011/02/27 23:45:33 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/02/27 23:45:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011/02/27 23:45:32 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/02/27 23:45:32 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011/02/27 23:45:32 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011/02/27 23:45:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/02/27 23:45:32 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011/02/27 23:45:32 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/02/27 23:45:32 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/02/27 23:45:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011/02/27 23:45:32 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011/02/27 23:45:31 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011/02/27 23:45:31 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/02/27 23:45:31 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011/02/27 23:45:31 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011/02/27 23:45:31 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011/02/27 23:45:30 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/02/27 23:45:30 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/02/27 23:45:30 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/02/27 23:45:30 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011/02/27 23:45:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011/02/27 23:45:30 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011/02/27 23:45:30 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011/02/27 23:45:30 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/02/27 23:45:30 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/02/27 23:45:30 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011/02/27 23:45:30 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011/02/27 23:45:30 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/02/27 23:45:29 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/02/27 23:45:29 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011/02/27 23:45:29 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/02/27 23:45:28 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/02/27 23:45:28 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/02/27 23:45:28 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011/02/27 23:45:28 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/02/27 23:45:28 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/02/27 23:45:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/02/27 23:45:28 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011/02/27 23:45:28 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/02/27 23:45:28 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/02/27 23:45:28 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011/02/27 23:45:28 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/02/27 23:45:27 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011/02/27 23:45:27 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/02/27 23:45:27 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/02/27 23:45:27 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011/02/27 23:45:27 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/02/27 23:45:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011/02/27 23:45:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/02/27 23:45:27 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/02/27 23:45:27 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/02/27 23:45:27 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011/02/27 23:45:27 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/02/27 23:45:26 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/02/27 23:45:26 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/02/27 23:45:26 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/02/27 23:45:26 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011/02/27 23:45:26 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011/02/27 23:45:26 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011/02/27 23:45:26 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/02/27 23:45:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011/02/27 23:45:25 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/02/27 23:45:25 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011/02/27 23:45:25 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/02/27 23:45:25 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/02/27 23:45:25 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/02/27 23:45:25 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/02/27 23:45:25 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/02/27 23:45:25 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/02/27 23:45:25 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/02/27 23:45:25 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011/02/27 23:45:25 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011/02/27 23:45:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/02/27 23:45:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011/02/27 23:45:24 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011/02/27 23:45:24 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011/02/27 23:45:24 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011/02/27 23:45:24 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011/02/27 23:45:24 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011/02/27 23:45:24 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/02/27 23:45:24 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011/02/27 23:45:24 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011/02/27 23:45:24 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011/02/27 23:45:24 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/02/27 23:45:24 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011/02/27 23:45:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011/02/27 23:45:24 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011/02/27 23:45:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011/02/27 23:45:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/02/27 23:45:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011/02/27 23:45:23 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/02/27 23:45:23 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/02/27 23:45:23 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/02/27 23:45:23 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/02/27 23:45:23 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011/02/27 23:45:23 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/02/27 23:45:23 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/02/27 23:45:23 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/02/27 23:45:23 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/02/27 23:45:23 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011/02/27 23:45:23 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/02/27 23:45:23 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/02/27 23:45:22 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/02/27 23:45:22 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/02/27 23:45:22 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/02/27 23:45:22 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011/02/27 23:45:22 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/02/27 23:45:22 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/02/27 23:45:22 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011/02/27 23:45:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/02/27 23:45:22 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011/02/27 23:45:22 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011/02/27 23:45:22 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011/02/27 23:45:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/02/27 23:45:22 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/02/27 23:45:22 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/02/27 23:45:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011/02/27 23:45:21 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/02/27 23:45:21 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/02/27 23:45:21 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/02/27 23:45:21 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/02/27 23:45:21 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/02/27 23:45:21 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/02/27 23:45:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/02/27 23:45:21 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011/02/27 23:45:21 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/02/27 23:45:21 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011/02/27 23:45:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011/02/27 23:45:21 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011/02/27 23:45:20 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011/02/27 23:45:20 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011/02/27 23:45:20 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/02/27 23:45:20 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/02/27 23:45:20 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/02/27 23:45:20 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011/02/27 23:45:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/02/27 23:45:20 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/02/27 23:45:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011/02/27 23:45:20 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/02/27 23:45:20 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/02/27 23:45:20 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011/02/27 23:45:20 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/02/27 23:45:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011/02/27 23:45:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011/02/27 23:45:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011/02/27 23:45:20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/02/27 23:45:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011/02/27 23:45:19 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011/02/27 23:45:19 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/02/27 23:45:19 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011/02/27 23:45:19 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/02/27 23:45:19 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011/02/27 23:45:19 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/02/27 23:45:19 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011/02/27 23:45:19 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/02/27 23:45:19 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011/02/27 23:45:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011/02/27 23:45:19 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/02/27 23:45:19 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/02/27 23:45:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011/02/27 23:45:19 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/02/27 23:45:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/02/27 23:45:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/02/27 23:45:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011/02/27 23:45:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011/02/27 23:45:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011/02/27 23:45:18 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011/02/27 23:45:18 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011/02/27 23:45:18 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011/02/27 23:45:18 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/02/27 23:45:18 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/02/27 23:45:18 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/02/27 23:45:18 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011/02/27 23:45:18 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011/02/27 23:45:18 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/02/27 23:45:18 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011/02/27 23:45:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/02/27 23:45:18 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011/02/27 23:45:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/02/27 23:45:18 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/02/27 23:45:18 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/02/27 23:45:17 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011/02/27 23:45:17 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011/02/27 23:45:17 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/02/27 23:45:17 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/02/27 23:45:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011/02/27 23:45:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011/02/27 23:45:17 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011/02/27 23:45:17 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/02/27 23:45:17 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/02/27 23:45:17 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011/02/27 23:45:17 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/02/27 23:45:16 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/02/27 23:45:16 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011/02/27 23:45:16 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/02/27 23:45:16 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011/02/27 23:45:16 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011/02/27 23:45:16 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011/02/27 23:45:16 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/02/27 23:45:16 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/02/27 23:45:16 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/02/27 23:45:16 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/02/27 23:45:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/27 23:45:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011/02/27 23:45:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011/02/27 23:45:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011/02/27 23:45:15 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/02/27 23:45:15 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/02/27 23:45:15 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/02/27 23:45:15 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/02/27 23:45:15 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011/02/27 23:45:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011/02/27 23:45:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011/02/27 23:45:15 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011/02/27 23:45:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011/02/27 23:45:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/02/27 23:45:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/02/27 23:45:14 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/02/27 23:45:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011/02/27 23:45:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011/02/27 23:45:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011/02/27 23:45:14 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011/02/27 23:45:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/02/27 23:45:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011/02/27 23:45:14 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011/02/27 23:45:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011/02/27 23:45:14 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011/02/27 23:45:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/02/27 23:45:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011/02/27 23:45:14 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011/02/27 23:45:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/02/27 23:45:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/02/27 23:45:14 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011/02/27 23:45:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/02/27 23:45:14 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/02/27 23:45:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011/02/27 23:45:14 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/02/27 23:45:13 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/02/27 23:45:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/02/27 23:45:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011/02/27 23:45:13 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/02/27 23:45:13 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/02/27 23:45:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011/02/27 23:45:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/02/27 23:45:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011/02/27 23:45:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/02/27 23:45:13 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/02/27 23:45:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/02/27 23:45:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/02/27 23:45:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/02/27 23:45:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011/02/27 23:45:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011/02/27 23:45:12 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011/02/27 23:45:12 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/02/27 23:45:12 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/02/27 23:45:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/02/27 23:45:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011/02/27 23:45:12 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011/02/27 23:45:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/02/27 23:45:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011/02/27 23:45:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011/02/27 23:45:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011/02/27 23:45:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/27 23:45:11 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011/02/27 23:45:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011/02/27 23:45:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011/02/27 23:45:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/02/27 23:45:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/02/27 23:45:04 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/02/27 23:45:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/02/27 23:45:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/02/27 23:45:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/02/27 23:06:36 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/02/27 23:06:36 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/02/27 23:06:36 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/02/27 23:03:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/02/27 23:03:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/02/27 23:02:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/02/27 23:02:49 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/27 23:02:21 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/27 22:48:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/27 22:13:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/27 22:13:55 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/27 22:13:54 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/27 22:13:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/27 22:13:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/27 22:13:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/27 22:13:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/27 22:13:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/27 22:13:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/27 22:13:53 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/27 22:13:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/27 22:13:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/27 22:13:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/27 22:13:51 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/27 22:13:50 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/27 22:13:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/27 22:13:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/27 22:12:25 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/02/27 22:12:25 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/02/27 22:12:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/02/27 22:12:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/02/27 22:12:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/02/27 22:12:24 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/02/27 22:12:24 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/02/27 22:12:24 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/02/27 22:12:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/02/27 22:12:24 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/02/27 22:12:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/02/27 22:12:23 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/02/27 22:12:23 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/02/27 22:12:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/02/27 22:12:23 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/02/27 22:12:23 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/02/27 22:12:22 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/02/27 22:12:21 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/02/27 22:12:21 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/02/27 22:12:21 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/02/27 22:12:21 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/02/27 22:12:21 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/02/27 22:12:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/02/27 22:06:04 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/02/27 21:55:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/27 21:55:32 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/27 21:55:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/27 21:55:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/27 21:55:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/27 21:55:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/27 21:55:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/27 21:55:31 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/27 21:55:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/27 21:55:31 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/27 21:55:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/27 21:55:29 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/27 21:55:29 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/27 21:55:29 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/27 21:55:29 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/27 21:55:29 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/27 21:54:40 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/02/27 21:54:40 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/02/27 21:54:35 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/02/27 21:54:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/02/27 21:54:33 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/02/27 21:54:33 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/02/27 21:54:33 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/02/27 21:54:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/02/27 21:54:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/02/27 21:54:02 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/02/27 21:54:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/02/27 21:54:01 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/02/27 21:53:49 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/02/27 21:53:48 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/02/27 21:53:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/02/27 21:53:48 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/02/27 21:53:48 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/02/27 21:53:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/02/27 21:53:48 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/02/27 21:53:31 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/02/27 21:53:20 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/27 21:53:19 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/27 21:53:13 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/02/27 21:53:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/02/27 21:53:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/02/27 21:53:12 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/02/27 21:53:10 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/02/27 21:53:09 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/02/27 21:53:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/02/27 21:53:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/02/27 21:53:07 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/27 21:53:06 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/27 21:53:06 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/27 21:53:04 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/02/27 21:53:04 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/02/27 21:53:04 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/02/27 21:53:04 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2011/02/27 21:53:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2011/02/27 21:52:59 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/02/27 21:52:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/02/27 21:52:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/02/27 21:52:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/02/27 21:52:50 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/27 21:52:47 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/02/27 21:52:46 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/27 21:52:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/02/27 21:52:42 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/02/27 21:52:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/27 21:52:14 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/27 21:52:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/02/27 21:52:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/27 21:52:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/02/27 21:52:11 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/02/27 21:52:08 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/02/27 21:52:07 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/02/27 21:52:07 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/02/27 21:52:07 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/02/27 21:52:06 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/02/27 21:52:05 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/02/27 21:52:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/02/27 21:52:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/02/27 21:52:01 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/02/27 21:51:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/27 21:51:47 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/02/27 21:51:34 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/02/27 21:51:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/02/27 21:51:33 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/02/27 21:51:33 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/02/27 21:51:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/02/27 21:45:01 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/02/27 21:43:46 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/02/27 21:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/02/27 21:26:24 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/02/27 21:26:24 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/02/27 21:26:18 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/02/27 21:26:18 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/02/27 21:26:18 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/02/27 21:26:16 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/02/27 21:26:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/02/27 21:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/02/27 21:21:43 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011/02/27 21:21:43 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011/02/27 21:21:43 | 010,467,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011/02/27 21:21:43 | 010,078,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011/02/27 21:21:43 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011/02/27 21:21:43 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011/02/27 21:21:43 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011/02/27 21:21:43 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011/02/27 21:21:43 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322090.dll
[2011/02/27 21:21:43 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322040.dll
[2011/02/27 21:21:43 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/02/27 21:21:43 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011/02/27 21:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/02/27 21:20:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/02/27 21:13:44 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/27 21:13:44 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/27 21:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/27 21:13:43 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/27 21:13:43 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/27 21:13:42 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/27 21:13:42 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/27 21:13:11 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/27 21:13:11 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/27 21:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/02/27 21:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/02/27 21:02:44 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Mozilla
[2011/02/27 21:02:43 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Mozilla
[2011/02/27 21:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/27 21:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/27 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Macromedia
[2011/02/27 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Adobe
[2011/02/27 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Hewlett-Packard
[2011/02/27 20:40:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Hewlett-Packard
[2011/02/27 20:40:56 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\PowerCinema
[2011/02/27 20:40:45 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/27 20:40:45 | 000,000,000 | R--D | C] -- C:\Users\Spec\Searches
[2011/02/27 20:40:45 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/27 20:40:39 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\Identities
[2011/02/27 20:40:38 | 000,000,000 | R--D | C] -- C:\Users\Spec\Contacts
[2011/02/27 20:40:37 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\VirtualStore
[2011/02/27 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Roaming\HP TCS
[2011/02/27 20:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
[2011/02/27 20:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days
[2011/02/27 20:29:57 | 000,000,000 | --SD | C] -- C:\Users\Spec\AppData\Roaming\Microsoft
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Videos
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Saved Games
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Pictures
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Music
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Links
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Favorites
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Downloads
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Documents
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\Desktop
[2011/02/27 20:29:57 | 000,000,000 | R--D | C] -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\AppData\Local\Temporary Internet Files
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Templates
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Start Menu
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\SendTo
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Recent
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\PrintHood
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\NetHood
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Documents\My Videos
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Documents\My Pictures
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Documents\My Music
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\My Documents
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Local Settings
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\AppData\Local\History
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Cookies
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\Application Data
[2011/02/27 20:29:57 | 000,000,000 | -HSD | C] -- C:\Users\Spec\AppData\Local\Application Data
[2011/02/27 20:29:57 | 000,000,000 | -H-D | C] -- C:\Users\Spec\AppData
[2011/02/27 20:29:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Temp
[2011/02/27 20:29:57 | 000,000,000 | ---D | C] -- C:\Users\Spec\AppData\Local\Microsoft
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/02/27 20:26:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/02/27 20:19:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/27 20:18:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/03/24 17:06:21 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/24 17:06:21 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/24 17:00:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/24 17:00:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/24 17:00:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/24 16:59:54 | 3219,210,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/24 16:42:51 | 000,000,680 | ---- | M] () -- C:\Users\Spec\AppData\Local\d3d9caps.dat
[2011/03/23 16:17:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Spec\Desktop\OTL.exe
[2011/03/21 21:32:19 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/03/20 13:27:38 | 000,000,215 | ---- | M] () -- C:\Users\Spec\Desktop\Monday Night Combat.url
[2011/03/20 12:51:24 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/19 21:00:23 | 000,000,000 | ---- | M] () -- C:\Users\Spec\defogger_reenable
[2011/03/18 20:08:11 | 000,018,499 | ---- | M] () -- C:\Users\Spec\Desktop\Colin.jpg
[2011/03/18 20:07:39 | 000,025,078 | ---- | M] () -- C:\Users\Spec\Desktop\Mc.jpg
[2011/03/18 20:07:07 | 000,024,538 | ---- | M] () -- C:\Users\Spec\Desktop\Rae.jpg
[2011/03/18 20:06:32 | 000,027,811 | ---- | M] () -- C:\Users\Spec\Desktop\DiRT.jpg
[2011/03/18 20:05:14 | 000,015,717 | ---- | M] () -- C:\Users\Spec\Desktop\Two.jpg
[2011/03/18 19:55:51 | 000,005,917 | ---- | M] () -- C:\Users\Spec\Desktop\Devil.jpg
[2011/03/18 19:55:18 | 000,006,854 | ---- | M] () -- C:\Users\Spec\Desktop\May.jpg
[2011/03/18 19:54:34 | 000,011,817 | ---- | M] () -- C:\Users\Spec\Desktop\Cry.jpg
[2011/03/18 19:53:45 | 000,009,392 | ---- | M] () -- C:\Users\Spec\Desktop\4.jpg
[2011/03/18 19:37:22 | 000,012,781 | ---- | M] () -- C:\Users\Spec\Desktop\N.jpg
[2011/03/18 19:35:43 | 000,015,279 | ---- | M] () -- C:\Users\Spec\Desktop\E.jpg
[2011/03/18 19:35:05 | 000,018,244 | ---- | M] () -- C:\Users\Spec\Desktop\R.jpg
[2011/03/18 19:33:47 | 000,018,627 | ---- | M] () -- C:\Users\Spec\Desktop\O.jpg
[2011/03/18 19:27:45 | 000,008,131 | ---- | M] () -- C:\Users\Spec\Desktop\Fa.jpg
[2011/03/18 19:27:14 | 000,008,250 | ---- | M] () -- C:\Users\Spec\Desktop\rC.jpg
[2011/03/18 19:26:05 | 000,008,541 | ---- | M] () -- C:\Users\Spec\Desktop\ry.jpg
[2011/03/18 19:25:29 | 000,007,792 | ---- | M] () -- C:\Users\Spec\Desktop\2.jpg
[2011/03/18 16:17:54 | 000,008,039 | ---- | M] () -- C:\Users\Spec\Desktop\P..jpg
[2011/03/18 16:17:20 | 000,008,905 | ---- | M] () -- C:\Users\Spec\Desktop\U..jpg
[2011/03/18 16:16:46 | 000,008,231 | ---- | M] () -- C:\Users\Spec\Desktop\R..jpg
[2011/03/18 16:16:08 | 000,008,597 | ---- | M] () -- C:\Users\Spec\Desktop\E..jpg
[2011/03/18 16:15:32 | 000,007,945 | ---- | M] () -- C:\Users\Spec\Desktop\..jpg
[2011/03/18 16:05:25 | 000,021,838 | ---- | M] () -- C:\Users\Spec\Desktop\T.jpg
[2011/03/18 16:04:42 | 000,020,507 | ---- | M] () -- C:\Users\Spec\Desktop\em.jpg
[2011/03/18 16:04:15 | 000,016,941 | ---- | M] () -- C:\Users\Spec\Desktop\pe.jpg
[2011/03/18 16:03:32 | 000,019,242 | ---- | M] () -- C:\Users\Spec\Desktop\st.jpg
[2011/03/18 16:01:44 | 000,022,433 | ---- | M] () -- C:\Users\Spec\Desktop\a.jpg
[2011/03/15 22:31:35 | 000,005,113 | ---- | M] () -- C:\Users\Spec\Desktop\Spectre.jpg
[2011/03/15 17:15:23 | 000,001,106 | ---- | M] () -- C:\Windows\disney.ini
[2011/03/15 17:14:41 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Pure.lnk
[2011/03/13 19:25:06 | 000,000,944 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/07 16:44:06 | 000,001,490 | ---- | M] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
[2011/03/05 17:02:47 | 000,000,936 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/05 11:48:19 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011/03/05 11:46:31 | 000,022,328 | ---- | M] () -- C:\Users\Spec\AppData\Roaming\PnkBstrK.sys
[2011/03/02 20:02:52 | 000,008,697 | ---- | M] () -- C:\Users\Spec\Desktop\Wolf.jpg
[2011/03/02 19:42:08 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/02/28 23:09:18 | 000,288,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/28 22:49:29 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/02/28 22:49:29 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/02/28 16:49:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/02/27 22:52:21 | 000,000,949 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 21:35:19 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/27 21:13:42 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/27 21:02:12 | 000,001,754 | ---- | M] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 20:30:36 | 000,001,829 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_CPC_NJ059AA-AB4 SR5880D_YC_0Pres_QCNX914_E92APv3PrA1_49_INapa_SFOXCONN_VHP P N_B5.23_T090211_WUH1_L409_M3070_J500_7Intel_8Core2 Quad Q8200_92.33_#090404_N10DE07DC_Z_G10DE0622.MRK
[2011/02/27 20:23:01 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/02/23 23:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/23 23:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/23 22:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/23 22:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/23 22:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/23 22:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/23 22:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/23 22:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/22 22:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/22 21:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

========== Files Created - No Company Name ==========

[2011/03/24 16:41:01 | 3219,210,240 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/21 21:32:19 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/03/20 13:27:38 | 000,000,215 | ---- | C] () -- C:\Users\Spec\Desktop\Monday Night Combat.url
[2011/03/20 12:51:24 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/03/19 21:00:23 | 000,000,000 | ---- | C] () -- C:\Users\Spec\defogger_reenable
[2011/03/18 20:08:11 | 000,018,499 | ---- | C] () -- C:\Users\Spec\Desktop\Colin.jpg
[2011/03/18 20:07:39 | 000,025,078 | ---- | C] () -- C:\Users\Spec\Desktop\Mc.jpg
[2011/03/18 20:07:07 | 000,024,538 | ---- | C] () -- C:\Users\Spec\Desktop\Rae.jpg
[2011/03/18 20:06:32 | 000,027,811 | ---- | C] () -- C:\Users\Spec\Desktop\DiRT.jpg
[2011/03/18 20:05:14 | 000,015,717 | ---- | C] () -- C:\Users\Spec\Desktop\Two.jpg
[2011/03/18 19:55:51 | 000,005,917 | ---- | C] () -- C:\Users\Spec\Desktop\Devil.jpg
[2011/03/18 19:55:18 | 000,006,854 | ---- | C] () -- C:\Users\Spec\Desktop\May.jpg
[2011/03/18 19:54:34 | 000,011,817 | ---- | C] () -- C:\Users\Spec\Desktop\Cry.jpg
[2011/03/18 19:53:45 | 000,009,392 | ---- | C] () -- C:\Users\Spec\Desktop\4.jpg
[2011/03/18 19:37:22 | 000,012,781 | ---- | C] () -- C:\Users\Spec\Desktop\N.jpg
[2011/03/18 19:35:43 | 000,015,279 | ---- | C] () -- C:\Users\Spec\Desktop\E.jpg
[2011/03/18 19:35:05 | 000,018,244 | ---- | C] () -- C:\Users\Spec\Desktop\R.jpg
[2011/03/18 19:33:47 | 000,018,627 | ---- | C] () -- C:\Users\Spec\Desktop\O.jpg
[2011/03/18 19:27:45 | 000,008,131 | ---- | C] () -- C:\Users\Spec\Desktop\Fa.jpg
[2011/03/18 19:27:14 | 000,008,250 | ---- | C] () -- C:\Users\Spec\Desktop\rC.jpg
[2011/03/18 19:26:05 | 000,008,541 | ---- | C] () -- C:\Users\Spec\Desktop\ry.jpg
[2011/03/18 19:25:28 | 000,007,792 | ---- | C] () -- C:\Users\Spec\Desktop\2.jpg
[2011/03/18 16:17:54 | 000,008,039 | ---- | C] () -- C:\Users\Spec\Desktop\P..jpg
[2011/03/18 16:17:20 | 000,008,905 | ---- | C] () -- C:\Users\Spec\Desktop\U..jpg
[2011/03/18 16:16:46 | 000,008,231 | ---- | C] () -- C:\Users\Spec\Desktop\R..jpg
[2011/03/18 16:16:08 | 000,008,597 | ---- | C] () -- C:\Users\Spec\Desktop\E..jpg
[2011/03/18 16:15:32 | 000,007,945 | ---- | C] () -- C:\Users\Spec\Desktop\..jpg
[2011/03/18 16:05:25 | 000,021,838 | ---- | C] () -- C:\Users\Spec\Desktop\T.jpg
[2011/03/18 16:04:42 | 000,020,507 | ---- | C] () -- C:\Users\Spec\Desktop\em.jpg
[2011/03/18 16:04:14 | 000,016,941 | ---- | C] () -- C:\Users\Spec\Desktop\pe.jpg
[2011/03/18 16:03:31 | 000,019,242 | ---- | C] () -- C:\Users\Spec\Desktop\st.jpg
[2011/03/18 16:01:44 | 000,022,433 | ---- | C] () -- C:\Users\Spec\Desktop\a.jpg
[2011/03/15 22:31:35 | 000,005,113 | ---- | C] () -- C:\Users\Spec\Desktop\Spectre.jpg
[2011/03/15 17:14:41 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Pure.lnk
[2011/03/15 17:04:28 | 000,001,106 | ---- | C] () -- C:\Windows\disney.ini
[2011/03/13 19:25:06 | 000,000,944 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/03/07 16:44:06 | 000,001,490 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
[2011/03/05 17:02:47 | 000,000,936 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/05 11:16:44 | 000,022,328 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\PnkBstrK.sys
[2011/03/02 20:02:52 | 000,008,697 | ---- | C] () -- C:\Users\Spec\Desktop\Wolf.jpg
[2011/03/02 19:42:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/02 15:53:19 | 000,000,680 | ---- | C] () -- C:\Users\Spec\AppData\Local\d3d9caps.dat
[2011/02/28 17:08:43 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/02/28 16:49:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/02/27 23:45:47 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/02/27 23:45:46 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/02/27 23:45:43 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/02/27 23:45:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/27 23:45:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/27 23:45:40 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/02/27 23:45:38 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/02/27 23:45:31 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/02/27 23:45:30 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/02/27 23:45:12 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/02/27 22:13:53 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/02/27 21:55:29 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/27 21:55:29 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/27 21:55:29 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/27 21:53:05 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/02/27 21:23:09 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/27 21:21:43 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/02/27 21:02:12 | 000,001,754 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 20:55:05 | 000,000,949 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/27 20:40:46 | 000,000,955 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/27 20:40:45 | 000,000,950 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/27 20:40:38 | 000,000,921 | ---- | C] () -- C:\Users\Spec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/02/27 20:30:29 | 000,001,829 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_CPC_NJ059AA-AB4 SR5880D_YC_0Pres_QCNX914_E92APv3PrA1_49_INapa_SFOXCONN_VHP P N_B5.23_T090211_WUH1_L409_M3070_J500_7Intel_8Core2 Quad Q8200_92.33_#090404_N10DE07DC_Z_G10DE0622.MRK
[2011/02/27 20:30:21 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.com.sg.lnk
[2011/02/27 20:29:57 | 000,000,258 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/27 20:29:57 | 000,000,240 | ---- | C] () -- C:\Users\Spec\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/02/20 07:40:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/19 16:45:00 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/19 16:19:31 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/19 16:03:05 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/02/19 16:03:05 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2006/11/02 20:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:44:53 | 000,288,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 18:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#11 tarkovsky

Posted 24 March 2011 - 04:32 AM

OTL Extras logfile created on: 24/3/2011 5:21:49 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Spec\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.01 Gb Total Space | 386.08 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
Drive D: | 10.75 Gb Total Space | 2.84 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive E: | 2.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SPEC-PC | User Name: Spec | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1584598523-393161003-2119424171-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26004814-4D6D-47FB-9230-A194102C093A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{629CF704-B6AD-43AA-88A8-F12F950FE304}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C9723F-24E3-4220-9A59-AD90441EF135}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{04150EB2-CDA7-4F60-9138-74346D7657B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{1D79E327-25A0-4B1E-AD36-F5B323FC7AC5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{28E4FAC3-F612-4CAA-8570-901E030B507E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2D88153A-A7B0-4A48-9645-7E6DC9A5DFCF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{2E1B2081-1ED9-49E4-9E6C-523813A7E61A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{3DE6AD7B-6D84-4C90-8F7B-30035D88362E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{434CD520-41F3-48C9-BCD5-00EF23544004}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F806F2E-4B19-48A5-BCE5-8793CE3A1734}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
"{71167226-E697-4DDC-8EAF-99E94B7C3BC7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{7AC4E175-C5B6-4734-8119-CA4BEC33922B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
"{7F6B2413-A283-4941-ABD7-AD64187EE24E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{8E63FE3C-0D58-4EDC-A93D-1E001744D710}" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt2\dirt2_game.exe |
"{985BA7F0-E99A-462A-9EBA-C766F8534B85}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9ED8B1D9-FB13-4F2D-8950-023E8F6B031D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{A9708760-E681-4548-8BAE-1149A6121946}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{B8A73919-9B09-4D48-A627-D72BCE63D6DE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BB1D330D-72F3-41AD-9959-FD834D1F6339}" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt2\dirt2_game.exe |
"{C6428DAA-E2A0-443A-95E2-C137328AD9CF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{D269F7A1-17E7-4DAB-92AC-BAACBB992D88}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8BCBF7C-3D44-4897-ABAC-19B936C818D4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E8D1E7EE-84BF-4812-BBA0-2C4393628551}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F3AC1790-8EAD-442C-8056-DA1F33C3C33D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |
"{F5666691-90A2-4934-A441-6D9E332046E2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software 1.14.32.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"BrothersInArms" = Brothers In Arms
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"pywin32-py2.6" = Python 2.6 pywin32-212
"Shattered Galaxy" = Shattered Galaxy
"Steam App 63200" = Monday Night Combat
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/3/2011 11:39:31 PM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/3/2011 12:18:11 AM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 19/3/2011 9:08:15 AM | Computer Name = Spec-PC | Source = Perflib | ID = 1010
Description =

Error - 19/3/2011 9:08:15 AM | Computer Name = Spec-PC | Source = PerfNet | ID = 2005
Description =

Error - 19/3/2011 11:13:31 PM | Computer Name = Spec-PC | Source = WinMgmt | ID = 10
Description =

Error - 20/3/2011 2:53:44 AM | Computer Name = Spec-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4079 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15f4 Start Time: 01cbe6be8e11876e Termination Time: 19

Error - 20/3/2011 2:53:45 AM | Computer Name = Spec-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4079, time
stamp 0x4d6fb663, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc0000005, fault offset 0x00048822, process id 0x6c0,
application start time 0x01cbe6c1c3c7800e.

Error - 20/3/2011 3:24:03 AM | Computer Name = Spec-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 20/3/2011 3:38:57 AM | Computer Name = Spec-PC | Source = Application Hang | ID = 1002
Description = The program mnc.exe version 1.0.5694.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: e6c Start Time: 01cbe6cfcaf38ebe Termination Time: 180

Error - 20/3/2011 3:41:10 AM | Computer Name = Spec-PC | Source = Application Hang | ID = 1002
Description = The program mnc.exe version 1.0.5694.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 11ec Start Time: 01cbe6d1e2a8abbe Termination Time: 125

[ System Events ]
Error - 21/3/2011 5:10:06 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/3/2011 5:10:06 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/3/2011 5:10:06 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 22/3/2011 6:17:45 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/3/2011 6:17:45 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/3/2011 6:17:45 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 22/3/2011 9:18:07 AM | Computer Name = Spec-PC | Source = DCOM | ID = 10016
Description =

Error - 23/3/2011 3:45:33 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23/3/2011 3:45:33 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/3/2011 3:45:33 AM | Computer Name = Spec-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#12 tarkovsky

Posted 24 March 2011 - 04:40 AM

MBAM is already installed in my computer, but the MBAM icon does not show up. The MBAM icon looks like it is broken or something. MBAM still works fine though.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6150

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

24/3/2011 5:39:35 PM
mbam-log-2011-03-24 (17-39-35).txt

Scan type: Quick scan
Objects scanned: 141447
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 tarkovsky

Posted 24 March 2011 - 05:59 AM

ESET did not find any threats.

#14 etavares

  • Malware Response Team
Posted 24 March 2011 - 06:57 PM

You may want to uninstall and reinstall MBAM and see if it helps. Still, the definitions were updated and it ran. Perhaps you renamed MBAM or moved it from when the shortcut was created? How is everything running? I think we're about ready to clean up once we fix the MBAM icon.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

#15 tarkovsky

Posted 24 March 2011 - 09:56 PM

Everything is running perfectly fine. MBAM seems to work just fine. I moved the shortcut into a folder and moved it back to the desktop. I also ran ESET scan while Avast shields were up. Some other applications' icons also cannot be displayed but they work fine. What should I do now?

Edited by tarkovsky, 24 March 2011 - 10:01 PM.




