
Am I infected or just full of conflicts? I tried & I'm lost!


26 replies to this topic

#1 StartingOver

StartingOver

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:About 70 miles from Galveston Bay wade fishing!
  • Local time:04:51 AM

Posted 04 July 2011 - 05:03 PM

I'll start this as brief as possible. I can barely accomplish anything at the pace my system is running! I don't use a lot of software but, what I do have are resource hogs. However, I've never had this much trouble. I run CCleaner regularly. I use Comodo's free firewall and aVast! Free active anti-malware scanning software. I also run MBAM (free version) regularly (and manually). I don't think I have two or more active anti-malware programs running concurrently. I've recently physically cleaned the system, right down to removing the fan, heat sink & processor and applying a new coat of silver oxide paste before reinstalling. No matter what I do, my system just keeps getting slower!

With that said, I'm aware that I'm running something of a dinosaur. But, it's always been fairly speedy and reliable, up until now. Here are the specs:

HP Pavilion a1100y CTO
Motherboard: ASUS PTGV-LA (HP/Compaq's name is Grafito GL8E)
Processor: Celeron 2.80 GHz
Front Side Bus: 533 GHz
Memory: 2 GB (2 x 1 GB sticks) DDR2
HDD #1: 40 GB (Original with system) Split 30 GB as C: drive and about 10GB as the recovery (D:) drive.
HDD #2: 160 GB Western Digital (Model #WD1600AAJS)

My printer is a new HP Officejet 6500 (about 6 months old). Mouse & Keyboard are a Logitech wireless desktop system. My Monitor is an Acer 23 in. flat screen, about 6 months old.

I could continue to complain and rant about the various problems I'm having but, I don't want to waste anyone's time. Please let me know what you would like me to provide and where you would like me to start. (I was thinking about starting with a nice .40 Caliber Smith & Wesson & putting this poor excuse for a boat anchor out of MY misery, but that's another story!)

Please help!

Thank you in advance.

StartingOver

I'm sorry. I failed to put my operating system in this post. It's Windows XP SP3 and, as of two days ago, it was fully updated.

Edited by StartingOver, 04 July 2011 - 05:05 PM.

Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:51 AM

Posted 04 July 2011 - 06:18 PM

Let's start with this...

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.



 


#3 StartingOver


Posted 04 July 2011 - 06:44 PM

Hi Broni;

Thanks for the quick reply! Here is the report you asked for. I hope I did this right. I tried to simply copy the text file & paste it here but, that didn't work. I either don't know how to post a file or I don't have permission (I seem to remember that we can't post entire files for risk of passing on an infection). Please let me know if I should have done something different. Here's the contents:

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 76.56 0 K 28 K
System 4 3.13 0 K 252 K
Interrupts n/a 7.81 0 K 0 K Hardware Interrupts and DPCs
smss.exe 520 184 K 436 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 772 10.94 1,528 K 4,084 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 796 6,640 K 3,928 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 840 2,520 K 4,632 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 996 3,856 K 6,260 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
hpqbam08.exe 1924 1,608 K 4,968 K HP CUE Alert Popup Window Objects Hewlett-Packard Co. "C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
hpqgpc01.exe 1108 3,620 K 8,488 K GPCore COM object Hewlett-Packard "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
WINWORD.EXE 2752 12,020 K 23,672 K Microsoft Office Word Microsoft Corporation "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
OfficeLiveSignIn.exe 4032 1,680 K 4,424 K Microsoft Office Live Add-in Sign-in Microsoft Corp. "C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe" Object -Embedding
wmiprvse.exe 3968 3,032 K 6,060 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 1044 2,704 K 5,740 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
cmdagent.exe 1080 37,444 K 1,348 K COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
svchost.exe 1128 18,856 K 29,888 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe 1300 2,048 K 4,716 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 1460 6,004 K 8,088 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
AvastSvc.exe 1792 11,008 K 4,580 K avast! Service AVAST Software "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
spoolsv.exe 1916 5,340 K 8,000 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 2204 2,060 K 4,844 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
ACService.exe 2240 1,500 K 3,468 K ArcSoft Connect Service ArcSoft Inc. "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
dtsslsrv.exe 2252 2,648 K 6,592 K "C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe"
DTSRVC.exe 2340 1,020 K 2,412 K "C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe"
svchost.exe 2404 4,804 K 8,292 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
svchost.exe 2432 7,144 K 8,408 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k HPService
InCDsrv.exe 2516 3,980 K 7,080 K incdsrv Nero AG "C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe"
jqs.exe 2656 2,916 K 1,500 K Java™ Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LSSrvc.exe 2696 1,428 K 3,808 K LightScribe Service Hewlett-Packard Company "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
MDM.EXE 2860 1,708 K 4,252 K Machine Debug Manager Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
svchost.exe 2880 1,768 K 4,068 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12
pdisrvc.exe 2912 1,092 K 2,600 K pdisrvc Portrait Displays, Inc. "C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe"
svchost.exe 2932 1,844 K 4,148 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12
RichVideo.exe 2976 1,536 K 4,024 K RichVideo Module "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
svchost.exe 3060 3,984 K 6,308 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
alg.exe 4044 1,860 K 4,672 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
svchost.exe 1500 2,256 K 4,540 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
lsass.exe 852 4,660 K 7,484 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 1532 19,648 K 31,652 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
cfp.exe 440 17,700 K 4,756 K COMODO Internet Security COMODO "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AvastUI.exe 412 4,960 K 3,376 K avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
hpqtra08.exe 696 7,904 K 14,700 K HP Digital Imaging Monitor Hewlett-Packard Co. "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
hpqste08.exe 2992 4,952 K 9,160 K HP CUE Status Root Hewlett-Packard Co. "C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Officejet 6500 E709a Series#1302729830" -Startup
OUTLOOK.EXE 4008 25,576 K 41,604 K Microsoft Office Outlook Microsoft Corporation "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /recycle
iexplore.exe 3812 7,044 K 15,048 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
iexplore.exe 2156 25,568 K 34,900 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3812 CREDAT:14337
procexp.exe 3964 1.56 12,900 K 17,296 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\5H4NXVG7\ProcessExplorer[1]\procexp.exe"





#4 Broni


Posted 04 July 2011 - 07:05 PM

You did fine :)

I can see these three processes being abnormally high:
csrss.exe
Interrupts
System

Check Primary and Secondary IDE settings: Device Manager -> IDE ATA/ATAPI controllers -> Primary or Secondary IDE Channel -> Properties -> Advanced Settings. Look at the Current Transfer Mode field.
See if it's in PIO mode instead of DMA mode.

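A small triage pass over a Process Explorer export like the one in post #3, added here as an example (it is not code from the thread or from Sysinternals). It reproduces the CPU observation from post #4 and, going slightly beyond the thread, also lists images with no company name and images running from a cache or temp directory; the tab-separated layout, the CPU ceilings and all function names are assumptions.

```python
import csv
import io

HEADER = ("Process", "PID", "CPU", "Private Bytes", "Working Set",
          "Description", "Company Name", "Command Line")

# Rows retyped from the listing in post #3 (the csrss.exe command line is cut short).
# Assumption: the saved file is tab-separated, with empty cells for blank columns.
ROWS = [
    ("System Idle Process", "0", "76.56", "0 K", "28 K", "", "", ""),
    ("System", "4", "3.13", "0 K", "252 K", "", "", ""),
    ("Interrupts", "n/a", "7.81", "0 K", "0 K", "Hardware Interrupts and DPCs", "", ""),
    ("csrss.exe", "772", "10.94", "1,528 K", "4,084 K", "Client Server Runtime Process",
     "Microsoft Corporation", r"C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows"),
    ("svchost.exe", "996", "", "3,856 K", "6,260 K", "Generic Host Process for Win32 Services",
     "Microsoft Corporation", r"C:\WINDOWS\system32\svchost -k DcomLaunch"),
    ("cmdagent.exe", "1080", "", "37,444 K", "1,348 K", "COMODO Internet Security", "COMODO",
     r'"C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"'),
    ("dtsslsrv.exe", "2252", "", "2,648 K", "6,592 K", "", "",
     r'"C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe"'),
    ("procexp.exe", "3964", "1.56", "12,900 K", "17,296 K", "Sysinternals Process Explorer",
     "Sysinternals - www.sysinternals.com",
     r'"C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files'
     r'\Content.IE5\5H4NXVG7\ProcessExplorer[1]\procexp.exe"'),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in [HEADER] + ROWS)

# Illustrative ceilings (assumptions, not figures from the thread) for rows that
# should sit near zero on an idle desktop.
IDLE_CEILING = {"system": 2.0, "interrupts": 2.0, "csrss.exe": 5.0}
# Directories where a long-running image is unusual enough to look at.
TRANSIENT_DIRS = ("\\temp\\", "\\temporary internet files\\")


def image_path(cmdline):
    """Return the executable part of a command line (quoted or bare)."""
    cmdline = (cmdline or "").strip()
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(" ", 1)[0]


def _cpu(value):
    try:
        return float(value)
    except (TypeError, ValueError):
        return 0.0  # blank cell or a non-numeric marker


def parse_export(text):
    """Parse the export into dicts; QUOTE_NONE keeps the quotes in command lines."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        rows.append({
            "name": (rec.get("Process") or "").strip(),
            "pid": (rec.get("PID") or "").strip(),
            "cpu": _cpu(rec.get("CPU")),
            "company": (rec.get("Company Name") or "").strip(),
            "image": image_path(rec.get("Command Line")),
        })
    return rows


def triage(rows):
    """Return (process, reason) pairs worth a second look; these are not verdicts."""
    findings = []
    for row in rows:
        ceiling = IDLE_CEILING.get(row["name"].lower())
        if ceiling is not None and row["cpu"] > ceiling:
            findings.append((row["name"], "high-cpu"))
        image = row["image"].lower()
        if image and not row["company"]:
            findings.append((row["name"], "no-company-name"))
        if any(d in image for d in TRANSIENT_DIRS):
            findings.append((row["name"], "runs-from-cache-or-temp"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_export(SAMPLE_EXPORT)):
        print(f"{name:15s} {reason}")
```

On the sample rows, the cache hit is Process Explorer itself, launched straight from the browser download cache, and the missing company name belongs to a display-utility service; both show why each finding is a prompt to check the file rather than a detection.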


 


#5 StartingOver


Posted 04 July 2011 - 07:22 PM

I have two primaries listed and one secondary.

The first primary says: Transfer Mode: DMA If Available. Current Transfer Mode: Ultra DMA Mode 4
The second primary says: Transfer Mode: DMA If Available Current Transfer Mode: Ultra DMA Mode 2

The one secondary says: Transfer Mode: DMA If Available Current Transfer Mode: Not Applicable

#6 Broni


Posted 04 July 2011 - 07:28 PM

Can this one be set to DMA, or is there no such option there?
The one secondary says: Transfer Mode: DMA If Available Current Transfer Mode: Not Applicable



 


#7 StartingOver


Posted 04 July 2011 - 07:48 PM

There's no setting I can change. And I don't know if I explained everything as well as I should have in my last post. And, you probably already know this but:

Both of the primary channels and the secondary channel have a listing for "Device 0" and "Device 1"

On the first primary channel:
For Device 0:
Device Type: AutoDetection (This area is greyed out and inaccessible in all instances)
Transfer Mode: DMA If Available
Current Transfer Mode: Ultra DMA Mode 4

For Device 1:
Device Type: Auto Detection
Transfer Mode: DMA If Available
Current Transfer Mode: Ultra DMA Mode 2

The second Primary Channel shows:
For Device 0:
Device Type: AutoDetection
Transfer Mode: DMA If Available
Current Transfer Mode: Ultra DMA Mode 5

For Device 1:
Device Type: AutoDetection
Transfer Mode: DMA If Available
Current Transfer Mode: Ultra DMA Mode 5

For the secondary channel:
For Device 0
Device Type: AutoDetection (This was selectable as AutoDetection or None)
Transfer Mode: DMA If Available (This was selectable as: DMA If Available or PIO Only)
Current Transfer Mode: Not Applicable

For Device 1:
Device Type: AutoDetection (This was selectable as AutoDetection or None)
Transfer Mode: DMA If Available (This was selectable as DMA If Available or PIO Only)
Current Transfer Mode: Not Applicable

Hope this helps.

#8 Broni


Posted 04 July 2011 - 07:58 PM

That looks good then...

Let's run some checks...

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#9 StartingOver


Posted 06 July 2011 - 04:35 AM

Broni;

Please bear with me. I had to leave yesterday before getting a chance to proceed with the steps in your last post. When I returned I had a BSOD! This is what I was afraid of. I have too much riding on this old system. However, there are no funds to change things right now.

So, I'm back up and running after a couple of false-start reboots. I didn't do anything to the system other than attempt reboots to get back up & running. I will proceed with the steps from your last post now.

Thanks for your patience.
StartingOver

#10 Broni


Posted 06 July 2011 - 06:56 PM

Fair enough.
Go on...



 


#11 StartingOver


Posted 07 July 2011 - 10:21 AM

Broni;

I've tried to post these reports twice & my reply doesn't seem to show up. Now, I'm seeing the message that my post was too long. So, I'm going to try sending the GMER report separately. Here are the other three reports:


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7013

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/6/2011 4:52:00 AM
mbam-log-2011-07-06 (04-52-00).txt

Scan type: Quick scan
Objects scanned: 158382
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



MiniToolBox by Farbar
Ran by HP_Owner (administrator) on 06-07-2011 at 04:43:33
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : MARTY-DESKTOP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys AE1000 #2
Physical Address. . . . . . . . . : 68-7F-74-FA-CB-A0
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Tuesday, July 05, 2011 8:55:18 AM
Lease Expires . . . . . . . . . . : Tuesday, July 12, 2011 8:55:18 AM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.227.16, 74.125.227.18, 74.125.227.20, 74.125.227.19
74.125.227.17

Pinging google.com [74.125.227.17] with 32 bytes of data:
Reply from 74.125.227.17: bytes=32 time=33ms TTL=51
Reply from 74.125.227.17: bytes=32 time=29ms TTL=51
Ping statistics for 74.125.227.17:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 33ms, Average = 31ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=66ms TTL=55
Reply from 72.30.2.43: bytes=32 time=65ms TTL=55
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 65ms, Maximum = 66ms, Average = 65ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...68 7f 74 fa cb a0 ...... Linksys AE1000 #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.101 192.168.0.101 20
192.168.0.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.101 192.168.0.101 20
224.0.0.0 240.0.0.0 192.168.0.101 192.168.0.101 20
255.255.255.255 255.255.255.255 192.168.0.101 192.168.0.101 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/05/2011 09:17:47 AM) (Source: BugSplat) (User: )
Description: This event has been logged by the BugSplat crash reporting library (http://www.bugsplatsoftware.com)
in partnership with your vendor SU8Win.
A crash report from the application 'SketchUp' has been successfully logged into the BugSplat database with id=309087.
Please contact your vendor for more information.

Error: (07/04/2011 04:20:21 AM) (Source: Application Hang) (User: )
Description: Fault bucket 2032286509.

Error: (07/04/2011 04:20:04 AM) (Source: Application Hang) (User: )
Description: Hanging application Tcw17.exe, version 17.2.58.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/23/2011 11:55:38 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/23/2011 08:21:25 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1816055773.

Error: (06/23/2011 08:21:20 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1816055773.

Error: (06/23/2011 04:25:57 AM) (Source: Application Hang) (User: )
Description: Hanging application _iu14D2N.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/23/2011 04:24:54 AM) (Source: Application Hang) (User: )
Description: Hanging application _iu14D2N.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/18/2011 09:30:19 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (06/18/2011 09:28:17 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/05/2011 00:03:12 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{66E26972-1C1F-4C96-9D15-7AD913F176AB}.
The backup browser is stopping.

Error: (07/04/2011 02:38:44 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{66E26972-1C1F-4C96-9D15-7AD913F176AB}.
The backup browser is stopping.

Error: (07/04/2011 11:19:40 AM) (Source: Print) (User: HP_Owner)
Description: The document BarnDim_070311.TCW owned by HP_Owner failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\MARTY-DESKTOP. Win32 error code returned by the print processor: BarnDim_070311.TCW0. BarnDim_070311.TCW1

Error: (07/04/2011 11:16:45 AM) (Source: Print) (User: HP_Owner)
Description: The document BarnDim_070311.TCW owned by HP_Owner failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\MARTY-DESKTOP. Win32 error code returned by the print processor: BarnDim_070311.TCW0. BarnDim_070311.TCW1

Error: (07/04/2011 08:24:26 AM) (Source: 0) (User: )
Description: MSHOME :1d192.168.0.101192.168.0.102

Error: (07/03/2011 08:11:40 PM) (Source: 0) (User: )
Description: MSHOME :1d192.168.0.101192.168.0.102

Error: (07/03/2011 05:58:13 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{66E26972-1C1F-4C96-9D15-7AD913F176AB}.
The backup browser is stopping.

Error: (07/03/2011 04:36:56 PM) (Source: 0) (User: )
Description: MSHOME :1d192.168.0.101192.168.0.102

Error: (07/03/2011 01:33:40 PM) (Source: 0) (User: )
Description: MSHOME :1d192.168.0.101192.168.0.102

Error: (07/03/2011 00:20:24 PM) (Source: 0) (User: )
Description: MSHOME :1d192.168.0.101192.168.0.102


Microsoft Office Sessions:
=========================
Error: (07/05/2011 09:17:47 AM) (Source: BugSplat)(User: )
Description: SU8WinSketchUp309087

Error: (07/04/2011 04:20:21 AM) (Source: Application Hang)(User: )
Description: 2032286509

Error: (07/04/2011 04:20:04 AM) (Source: Application Hang)(User: )
Description: Tcw17.exe17.2.58.5hungapp0.0.0.000000000

Error: (06/23/2011 11:55:38 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/23/2011 08:21:25 AM) (Source: Application Hang)(User: )
Description: 1816055773

Error: (06/23/2011 08:21:20 AM) (Source: Application Hang)(User: )
Description: 1816055773

Error: (06/23/2011 04:25:57 AM) (Source: Application Hang)(User: )
Description: _iu14D2N.tmp51.52.0.0hungapp0.0.0.000000000

Error: (06/23/2011 04:24:54 AM) (Source: Application Hang)(User: )
Description: _iu14D2N.tmp51.52.0.0hungapp0.0.0.000000000

Error: (06/18/2011 09:30:19 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (06/18/2011 09:28:17 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 31%
Total physical RAM: 2039.29 MB
Available physical RAM: 1393.52 MB
Total Pagefile: 3931.1 MB
Available Pagefile: 3437.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.88 MB

======================= Partitions: =======================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:29.86 GB) (Free:11.76 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:7.39 GB) (Free:2.06 GB) FAT32
4 Drive f: (Phoenix_Drive) (Fixed) (Total:149.05 GB) (Free:141.51 GB) NTFS
5 Drive g: (20100827_1432) (CDROM) (Total:2.08 GB) (Free:0 GB) CDFS

================= Users: ==================================================

User accounts for \\MARTY-DESKTOP

-------------------------------------------------------------------------------
Administrator Guest HelpAssistant
HP_Owner SUPPORT_388945a0 SUPPORT_fddfa904
The command completed successfully.

================= End of Users ============================================
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#12 StartingOver

  • Topic Starter

Posted 07 July 2011 - 10:30 AM

Every time I try to post a copy of the contents of my GMER.log, I get an error message saying my post is too long, please shorten it a little. So, I'm going to have to send it in pieces. I'll try to pick stopping points that make sense. Here goes:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-06 07:11:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-18 ST340014AS rev.3.43
Running: khe0880c.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\fglcyaog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA87DE202]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA8AE480A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8844CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA88026C1]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA8AE3D8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA87E081C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA87E0874]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA8AE4470]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA87E098A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8802075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA87E0772]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xA8AE3C66]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA87E08C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA87E07C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA8AE74C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xA8AE3652]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA87E0938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA87DE226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8802D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA880303D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA87E0C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8802BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8802A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8844D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA87DDFF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA8AE4052]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA87DE24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA87E0D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA87DECDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA87E084C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA87E089C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA8AE464C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA87E09B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA88023D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA87E079E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA87E0A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA87E0904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA87E07F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA87E0B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA87E0962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8844DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA88028D8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA8AE6074]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA87DEBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA880272A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA884DE48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA8AE65E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA88016E8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xA8AE6898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA87DE26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA87DE292]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA8AE4E46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA87DE04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA87DE186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8802E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA87DE162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA87DE1AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xA8AE3A68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA8AE3856]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA87DE2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C70 8050450C 16 Bytes [1C, 08, 7E, A8, 74, 08, 7E, ...] {SBB AL, 0x8; JLE 0xffffffffffffffac; JZ 0xe; JLE 0xffffffffffffffb0; JO 0x4e; SCASB ; TEST AL, 0x8a; OR [ESI-0x58], EDI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 20 Bytes [C4, 08, 7E, A8, C6, 07, 7E, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DAC 80504648 16 Bytes [4C, 08, 7E, A8, 9C, 08, 7E, ...] {DEC ESP; OR [ESI-0x58], BH; PUSHF ; OR [ESI-0x58], BH; DEC ESP; INC ESI; SCASB ; TEST AL, 0xb4; OR [ESI-0x58], EDI}
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 16, 80, A8]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F2C 805047C8 12 Bytes [98, 68, AE, A8, 6E, E2, 7D, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL A87DF335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP A88562BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP A8857D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP A87E1CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A87E1BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP A87E0F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP A87E1E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP A87E2040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP A87E1B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP A87E0FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP A87E11AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP A87E1352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP A87E0E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP A87E1C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP A87E1F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP A87E132A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP A87E0E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP A87E1D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP A87E106A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP A87E10DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP A87E1114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP A87E0DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP A87E0F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP A87E1034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP A87E146C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP A87E1EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[360] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\alg.exe[360] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[360] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\smss.exe[448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[600] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)


Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#13 StartingOver


Posted 07 July 2011 - 10:32 AM

GMER.log - part #2:



.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] shell32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] shell32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] shell32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\HP_Owner\Desktop\khe0880c.exe[856] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1052] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#14 StartingOver


Posted 07 July 2011 - 10:33 AM

GMER.log - part 3:



.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1832] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\Explorer.EXE[1848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1848] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2584] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2584] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#15 StartingOver


Posted 07 July 2011 - 10:35 AM

GMER.log - Part 4:



.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2620] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 009FCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 009ECD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009FCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009FCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 009FCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 009FCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 009FC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 009FCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 009FCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009FC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 009FCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 009FCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009FCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 009FC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009FA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009ECE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 009FCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009FCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009FCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 009FCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009FCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009FCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009F7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009F8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009FCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009FCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 009FCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 009FCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009FCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 009FCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009FCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 009FCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 009FCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009FCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009FCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 009FCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 009FCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 009FCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009FCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 009FCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 009FCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 009FCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009FCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 009FCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 009FE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 009FD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [C1, 88, CC, CC]
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 009F62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 009FD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 009F6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009FDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009FDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 009FC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 009FC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 009FCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 009FC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 009FE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 009FE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 009FC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2632] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 009FC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[2676] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2704] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2704] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[2732] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] SHELL32.dll!ShellExecuteExW 7CA098CB 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] SHELL32.dll!ShellExecuteEx 7CA40E45 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] SHELL32.dll!ShellExecuteA 7CA41170 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[2732] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[2744] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)



