Solved: Ads Playing in Background/Google Redirects


TexasPete
21-Jun-2012, 07:16 PM #1
Ads Playing in Background/Google Redirects
HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:35 AM, on 6/21/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Users\Cassie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 8683 bytes


DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Cassie at 11:29:51 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.500 [GMT -7:00]
.
AV: COMODO Antivirus *Enabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
SP: COMODO Defense+ *Enabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\cassie\appdata\roaming\micros~1\windows\startm~1\programs\startup\ delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{43161F90-8995-4A5B-83AF-5661596504F9} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{43161F90-8995-4A5B-83AF-5661596504F9}\843393D413 : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{43161F90-8995-4A5B-83AF-5661596504F9}\B427165737562747F5548545 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FC8072E8-DCDA-4948-80B1-E0F65265F546} : DhcpNameServer = 205.171.3.65 205.171.2.65
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-21 64288]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-21 127864]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-21 29520]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe [2009-9-19 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-20 654408]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-9-19 636144]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-10-8 10752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-20 22344]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-20 40776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-4 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-06-20 21:46:44 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-20 21:46:38 -------- d-----w- c:\users\cassie\appdata\roaming\Malwarebytes
2012-06-20 21:46:16 -------- d-----w- c:\programdata\Malwarebytes
2012-06-20 21:46:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 21:46:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 19:35:21 -------- d-----w- c:\users\cassie\appdata\roaming\Ad-Aware Antivirus
2012-06-20 19:25:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-20 19:25:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 19:16:53 15880 ----a-w- c:\windows\system32\lsdelete.exe
.
==================== Find3M ====================
.
2012-06-21 07:43:32 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
============= FINISH: 11:34:57.60 ===============
TexasPete
21-Jun-2012, 07:27 PM #2
Ark.txt File
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-21 15:37:56
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: 5hv40dmj.exe; Driver: C:\Users\Cassie\AppData\Local\Temp\pwlyypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8F322F80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8F323F4E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8F323166]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8F3223EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8F322BE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8F3222CE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8F322A74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8F323C08]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8F321E94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8F323272]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8F321CC6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8F32388A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8F322670]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8F322DC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8F3219F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8F322900]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8F321B6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8F3243B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8F323626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8F323A38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8F32260A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8F3227F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8F322198]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8F322066]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83A90539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83AB5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 230 83ABC890 4 Bytes [80, 2F, 32, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 258 83ABC8B8 8 Bytes [4E, 3F, 32, 8F, 66, 31, 32, ...] {DEC ESI; AAS ; XOR CL, [EDI-0x70cdce9a]}
.text ntkrnlpa.exe!RtlSidHashLookup + 2EC 83ABC94C 4 Bytes [EC, 23, 32, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 308 83ABC968 4 Bytes [E6, 2B, 32, 8F]
.text ntkrnlpa.exe!RtlSidHashLookup + 334 83ABC994 4 Bytes [CE, 22, 32, 8F]
.text ...
.text ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes [E9, CB, D3, 2C, 98] {JMP 0xffffffff982cd3d0}
.text ntdll.dll!NtClose 77D34770 5 Bytes [E9, 3B, 3B, 2D, 98] {JMP 0xffffffff982d3b40}
.text ntdll.dll!NtCreateFile 77D34870 5 Bytes [E9, 5B, D0, 2C, 98] {JMP 0xffffffff982cd060}
.text ntdll.dll!NtCreateProcess 77D34940 5 Bytes [E9, 4B, CF, 2C, 98] {JMP 0xffffffff982ccf50}
.text ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes [E9, 5B, D0, 2C, 98] {JMP 0xffffffff982cd060}
.text ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes [E9, 1B, 26, 2D, 98] {JMP 0xffffffff982d2620}
.text ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes [E9, 5B, CE, 2C, 98] {JMP 0xffffffff982cce60}
.text ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes [E9, AB, CD, 2C, 98] {JMP 0xffffffff982ccdb0}
.text ntdll.dll!NtLoadDriver 77D34E00 5 Bytes [E9, 6B, CB, 2C, 98] {JMP 0xffffffff982ccb70}
.text ntdll.dll!NtOpenFile 77D34F80 5 Bytes [E9, 6B, C9, 2C, 98] {JMP 0xffffffff982cc970}
.text ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes [E9, 6B, C7, 2C, 98] {JMP 0xffffffff982cc770}
.text ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes [E9, AB, C0, 2C, 98] {JMP 0xffffffff982cc0b0}
.text ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes [E9, 8B, BD, 2C, 98] {JMP 0xffffffff982cbd90}
.text ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes [E9, 6B, BB, 2C, 98] {JMP 0xffffffff982cbb70}
.text ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes [E9, 56, F9, 2B, 98] {JMP 0xffffffff982bf95b}
.text ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes [E9, 2C, C3, 2B, 98, CC, CC] {JMP 0xffffffff982bc331; INT 3 ; INT 3 }
.text ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes [E9, 94, 2B, 2B, 98] {JMP 0xffffffff982b2b99}
.text ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes [E9, 96, 4F, 2B, 98] {JMP 0xffffffff982b4f9b}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[376] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[476] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\services.exe[580] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\services.exe[580] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[580] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[588] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[668] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[776] user32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[820] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 0040F950 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[832] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[924] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!RtlAllocateHeap
TexasPete
THREAD STARTER
21-Jun-2012, 07:30 PM #3
Ark.txt File Continued
10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1096] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe[1148] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text \\.\globalroot\SystemRoot\system32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1324] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell\DellDock\DockLogin.exe[1444] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apoint.exe[1452] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[1464] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[1480] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 001E1950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtClose 77D34770 5 Bytes JMP 001E82B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 001E18D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 001E1890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 001E19B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 001E7040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 001E1910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 001E1A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 001E1970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 001E18F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 001E1930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 001E19D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 001E1990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 001E18B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 001E1A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 001E81E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 001E19F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 001E4550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 001E1A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 001E1A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 001E1B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 001E1B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 001E1C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 001E1BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 001E1D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 001E1CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 001E1CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 001E1AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 001E1AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 001E1C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 001E1C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 001E1B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 001E1A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 001E1D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 001E1D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 001E1D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 001E1CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 001E1B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 001E1C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 001E1C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 001E1B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 001E1BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 001E1BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 001E1D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 001E1AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 001E7E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 001E7D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 001E7BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 001E1480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 001E1640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 001E1250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 001E1000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 001E1DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 001E1E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 001E1DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\IDT\WDM\sttray.exe[1492] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 001E1DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] KERNEL32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] WININET.dll!InternetConnectW 77B3043A 5 Bytes JMP 10001E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRAY.EXE[1500] WININET.dll!InternetConnectA 77B304F7 5 Bytes JMP 10001E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\concentr.exe[1544] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
TexasPete
Member with 41 posts.
THREAD STARTER
 
Join Date: Mar 2008
Experience: Intermediate
21-Jun-2012, 07:42 PM #4
Ark.txt File Continued
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] WININET.dll!InternetConnectW 77B3043A 5 Bytes JMP 10001E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Citrix\ICA Client\wfcrun32.exe[2424] WININET.dll!InternetConnectA 77B304F7 5 Bytes JMP 10001E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2536] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 00701950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtClose 77D34770 5 Bytes JMP 007082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 007018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 00701890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 007019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 00707040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 00701910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 00701A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 00701970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 007018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 00701930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 007019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 00701990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 007018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 00701A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 007081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 007019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 00704550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CreateProcessW 77E4202D 3 Bytes JMP 00701A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CreateProcessW + 4 77E42031 1 Byte [88]
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CreateProcessA 77E42062 3 Bytes JMP 00701A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CreateProcessA + 4 77E42066 1 Byte [88]
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 00701B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 00701B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 00701C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 00701BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 00701D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 00701CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 00701CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 00701AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 00701AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 00701C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 00701C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 00701B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 00701A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 00701D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 00701D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 00701D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 00701CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 00701B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 00701C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 00701C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 00701B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 00701BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 00701BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 00701D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 00701AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 00707E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 00701480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 00701640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 00701250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 00701000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 00701DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 00701E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 00701DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 00701DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 00707D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE[2704] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 00707BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\HidFind.exe[2812] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DellTPad\Apntex.exe[2820] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] shell32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] shell32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] shell32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Cassie\Desktop\5hv40dmj.exe[2828] shell32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2892] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\WUDFHost.exe[2996] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3000] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
TexasPete
21-Jun-2012, 07:44 PM #5
Ark.txt File Continued (last one)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3084] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\WLTRYSVC.EXE[3120] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] KERNEL32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] WININET.dll!InternetConnectW 77B3043A 5 Bytes JMP 10001E50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] WININET.dll!InternetConnectA 77B304F7 5 Bytes JMP 10001E30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\bcmwltry.exe[3176] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe[3324] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[3492] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 0057000A
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 0058000A
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 0059000A
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] USER32.dll!GetCursorPos 77A4C198 5 Bytes JMP 0063000A
.text C:\Windows\System32\ping.exe[3580] USER32.dll!CreateWindowExW 77A50E51 5 Bytes JMP 009D000A
.text C:\Windows\System32\ping.exe[3580] USER32.dll!GetForegroundWindow 77A5565D 5 Bytes JMP 009C000A
.text C:\Windows\System32\ping.exe[3580] USER32.dll!WindowFromPoint 77A76D0C 5 Bytes JMP 009B000A
.text C:\Windows\System32\ping.exe[3580] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] WS2_32.dll!WSASocketW 76343D1B 7 Bytes JMP 10001E90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] WS2_32.dll!WSASocketA 7634B7FC 5 Bytes JMP 10001E70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\ping.exe[3580] ole32.dll!CoCreateInstance 7754590C 5 Bytes JMP 0062000A
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtAllocateVirtualMemory 77D34580 5 Bytes JMP 10001950 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtClose 77D34770 5 Bytes JMP 100082B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtCreateFile 77D34870 5 Bytes JMP 100018D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtCreateProcess 77D34940 5 Bytes JMP 10001890 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtCreateProcessEx 77D34950 5 Bytes JMP 100019B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtCreateUserProcess 77D34A20 5 Bytes JMP 10007040 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtDeleteFile 77D34AB0 5 Bytes JMP 10001910 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtFreeVirtualMemory 77D34C80 5 Bytes JMP 10001A30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtLoadDriver 77D34E00 5 Bytes JMP 10001970 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtOpenFile 77D34F80 5 Bytes JMP 100018F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtProtectVirtualMemory 77D351C0 5 Bytes JMP 10001930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtSetInformationProcess 77D35920 5 Bytes JMP 100019D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtUnloadDriver 77D35C00 5 Bytes JMP 10001990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!NtWriteVirtualMemory 77D35D40 5 Bytes JMP 100018B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!RtlAllocateHeap 77D420B5 5 Bytes JMP 10001A10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!LdrUnloadDll 77D4BEAF 7 Bytes JMP 100081E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!LdrGetProcedureAddress 77D4EE57 5 Bytes JMP 100019F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ntdll.dll!LdrLoadDll 77D4F5B5 5 Bytes JMP 10004550 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CreateProcessW 77E4202D 5 Bytes JMP 10001A70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CreateProcessA 77E42062 5 Bytes JMP 10001A50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!OpenFile 77E7412F 1 Byte [E9]
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!OpenFile 77E7412F 5 Bytes JMP 10001B10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CopyFileW 77E78CAF 5 Bytes JMP 10001B90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!MoveFileW 77E7A193 5 Bytes JMP 10001C10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\conhost.exe[3596] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!CopyFileExW 77E807DB 7 Bytes JMP 10001BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!VirtualProtect 77E850CB 5 Bytes JMP 10001D90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!DeleteFileW 77E8658B 5 Bytes JMP 10001CD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!DeleteFileA 77E88BD6 5 Bytes JMP 10001CB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!LoadLibraryExW 77E8B647 5 Bytes JMP 10001AF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!LoadLibraryExA 77E8BC13 5 Bytes JMP 10001AD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!MoveFileWithProgressW 77E8BE8C 1 Byte [E9]
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!MoveFileWithProgressW 77E8BE8C 5 Bytes JMP 10001C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!MoveFileExW 77E8BEB0 5 Bytes JMP 10001C50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!CreateFileW 77E90AFD 5 Bytes JMP 10001B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!GetProcAddress 77E917D7 5 Bytes JMP 10001A90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!GetModuleHandleW 77E91941 5 Bytes JMP 10001D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!LoadLibraryA 77E92804 5 Bytes JMP 10001D30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!LoadLibraryW 77E92852 5 Bytes JMP 10001D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!GetModuleHandleA 77E92877 5 Bytes JMP 10001CF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!CreateFileA 77E9289C 5 Bytes JMP 10001B30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!MoveFileExA 77EA2F8B 5 Bytes JMP 10001C30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!MoveFileWithProgressA 77EA2FAB 5 Bytes JMP 10001C70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!CopyFileA 77EA7C94 5 Bytes JMP 10001B70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!MoveFileA 77ECAD41 5 Bytes JMP 10001BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!CopyFileExA 77ECBB99 5 Bytes JMP 10001BB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!WinExec 77ECE739 5 Bytes JMP 10001D70 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] kernel32.dll!LoadModule 77ECEC52 5 Bytes JMP 10001AB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] ADVAPI32.dll!OpenServiceW 7666D20D 5 Bytes JMP 10001480 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] ADVAPI32.dll!OpenServiceA 76673B15 5 Bytes JMP 10001640 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] ADVAPI32.dll!CreateServiceW 7668DBC1 5 Bytes JMP 10001250 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] ADVAPI32.dll!CreateServiceA 766A2120 5 Bytes JMP 10001000 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] USER32.dll!EndTask 77A8FD8E 5 Bytes JMP 10007E80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] ole32.dll!CoGetClassObject 7752A394 5 Bytes JMP 10007D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] ole32.dll!CoCreateInstanceEx 7754594F 5 Bytes JMP 10007BD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] SHELL32.dll!ShellExecuteW 76774250 5 Bytes JMP 10001DD0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] SHELL32.dll!ShellExecuteExW 76781BCC 5 Bytes JMP 10001E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] SHELL32.dll!ShellExecuteEx 769A9B12 5 Bytes JMP 10001DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[3984] SHELL32.dll!ShellExecuteA 769A9BAD 5 Bytes JMP 10001DB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\tdx \Device\Tcp [8F3D8EBA] \SystemRoot\system32\DRIVERS\tdx.sys[unknown section] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EDX, [EBP+0xc]; MOV EAX, [EBP+0x8]}

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\tdx \Device\Udp [8F3D8EBA] \SystemRoot\system32\DRIVERS\tdx.sys[unknown section] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EDX, [EBP+0xc]; MOV EAX, [EBP+0x8]}
Device \Driver\tdx \Device\RawIp [8F3D8EBA] \SystemRoot\system32\DRIVERS\tdx.sys[unknown section] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EDX, [EBP+0xc]; MOV EAX, [EBP+0x8]}

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8F3B8000-8F3CD000 (86016 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:2872] 85C52F2E

---- Processes - GMER 1.0.15 ----

Process C:\Windows\System32\ping.exe (*** hidden *** ) 3580

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\98fdb23d517ecc01330a00005816ec0f.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893 75264 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1066272a677ecc018a090000b4042c0c.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893 75264 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1066272a677ecc018a090000b4042c0c.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893.info 430 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\10b772d5517ecc017a0b00005816ec0f.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893 75264 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\10b772d5517ecc017a0b00005816ec0f.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893.info 430 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7a71043c4e5acc01d8070000d4046009.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893 75264 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7a71043c4e5acc01d8070000d4046009.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893.info 430 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\98fdb23d517ecc01330a00005816ec0f.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893.info 430 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\a.dll 78848 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\a.dll.info 134 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\de1fbc64667ecc0143080000b4042c0c.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893 75264 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\de1fbc64667ecc0143080000b4042c0c.x86_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_adb0a342c60efa1a_mprdim.dll_8e5e0893.info 430 bytes
File C:\Windows\$NtUninstallKB42302$\137711842 0 bytes
File C:\Windows\$NtUninstallKB42302$\375042916 0 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\@ 2048 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\cfg.ini 244 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\L 0 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\L\abfmnlcq 74240 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\oemid 160 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\U 0 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\U\00000001.@ 1536 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\U\80000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\U\80000032.@ 115712 bytes
File C:\Windows\$NtUninstallKB42302$\375042916\version 730 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\data[3].gif 42 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\ads[1].js 10455 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\ads[3].js 10455 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\45951942_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\46032689_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\jload[1] 20034 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\surly[4].js 2101 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\4310[1].js 2259 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\44911070_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\45951614_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\1229[1].js 2206 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\1229[2].js 2206 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\ads_self[1].js 7549 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\fp[2] 22894 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0E0P5Z6\fp[3] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\bitesizesports_mevio_com[1].txt 456824 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\44868961_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\46440363_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\pixel[5].htm 6815 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\pixel_adsafeprotected_com[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\ads[4].js 8894 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\fw-nonplayer-banner[1].htm 769 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PPRZ8DL0\LFN%20160x600%2040k[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\524732382b6b2f6a6d74674141354341[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\data[1].gif 42 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\data[3].gif 42 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\44905475_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\44908347_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\46369787_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\fp[4] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\fp[5] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\fp[6] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\1320323555971[1].png 2966 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\am_js[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\base[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\beacon[3].htm 145 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\beacon[4].htm 145 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\1229[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\1229[4].js 2206 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\1229[5].js 2206 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\ads[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\ads[6].js 10455 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\ads[7].js 10297 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4YU2Z1\1657696572@Bottom,Middle,Middle2,Right1,Right2,Right3,Right,x13,x28,Top,Top2,Top3[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\cookiematch[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\ads[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\body.jpg[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\46032692_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\all[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\passback.c.r[2].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\chrome-v3-prod.css[2].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\ads[6].js 10455 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\ads[7].js 8894 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\button_green_hover.png[1].png 2899 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\beacons[1].txt 773 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\beacon[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\Collage-728x90-mixed[1].swf 39517 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\UPug[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\vertical_new.png[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\ads[3].js 10455 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\ads[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\44905472_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\44911077_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\45952123_jpeg_preview_medium[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\fp[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QK5385X6\extras.js[1].v441f46b6fcabc989 57072 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\X6SJ8OVU.txt 92 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\A0FHSB0E.txt 141 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6LIB6ETQ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6RIP1FGZ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FS08WKAY.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UB7MB5WT.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8QZ8BHC7.txt 214 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BET51OF4.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TU6IABME.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ARNQQ60X.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DNLH2E4N.txt 3584 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\K8DKSSJI.txt 400 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\W1KTBRLN.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\80GHCDCP.txt 0 bytes
File C:\Windows\Temp\flaF8C3.tmp 0 bytes

---- EOF - GMER 1.0.15 ----



Thank you so much for your help, I hope I have provided everything that is needed!

Cory

Glaswegian (Iain), authorized to help remove malware
Malware Removal Specialist with 3,823 posts.
Join Date: Dec 2004
Location: Erm...Glasgow?
22-Jun-2012, 05:16 PM #6
Hi Cory

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.

TexasPete (THREAD STARTER)
23-Jun-2012, 02:33 PM #7
Hello Iain, thank you for helping me.

It appears that I've already made a mistake, unfortunately. Here's what happened:

I followed the instructions and downloaded the ComboFix program. When I opened the program for the first time I got an error message that said

Error opening file for writing:
C:\32788R22FWJFW\firefox.exe

And two more for iexplore.exe and n.pif.

After each message I clicked the 'Retry' button and the program seemed to proceed.

Next, I get an error message that says 'Windows cannot find 'NIRCMD'. Make sure you typed the name correctly and then try again.'

I pressed Ok, then in the blue screen of the program it said:

The system cannot find the file NIRCMD
Attempting to create a new System Restore point
The system cannot find the file NIRCMD
The system cannot find the file NIRCMD
'NIRCMD' is not recognized as an internal or external command, operable program or batch file.

I kept getting the same error message about NIRCMD over the course of the next 20 minutes, and the program didn't appear to be doing anything, so I closed it. When I closed it, my desktop icons disappeared and the only option I had was to reboot. After rebooting, it would make it all the way to the log-in screen where I type my password but after I do that I get the blue screen of death. I chose to restart in safe mode with networking, which is where I am now.

What should I do now? I'm sorry to create more work for you.

Thank you,

Cory

Glaswegian (Iain)
24-Jun-2012, 11:48 AM #8
Hi Cory

I suspect this will be Comodo and Ad-Watch interfering.

You can run ComboFix from Safe Mode - just double click the icon. It should reboot your PC when finished.

TexasPete (THREAD STARTER)
24-Jun-2012, 11:58 PM #9
I have completed the scan and the log is pasted below.

It appears that it removed my browser (Internet Explorer) so I tried to install both Firefox and Chrome from a flash drive, but when I try to install either one I get an error message that says 'Illegal operation attempted on a registry key that has been marked for deletion.' I copied the log onto my flash drive to post from my laptop so I could post it here.


ComboFix 12-06-23.05 - Cassie 06/24/2012 20:08:28.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2008.1453 [GMT -7:00]
Running from: c:\users\Cassie\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
SP: COMODO Defense+ *Enabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cassie\AppData\Roaming\.#
c:\users\Cassie\AppData\Roaming\.#\MBX@1CD8@1101F50.###
c:\users\Cassie\AppData\Roaming\.#\MBX@1CD8@1101F60.###
c:\users\Cassie\AppData\Roaming\.#\MBX@1CD8@1101F70.###
c:\users\Cassie\AppData\Roaming\Install.dat
c:\windows\$NtUninstallKB42302$\1536768837
c:\windows\$NtUninstallKB42302$\375042916\@
c:\windows\$NtUninstallKB42302$\375042916\cfg.ini
c:\windows\$NtUninstallKB42302$\375042916\Desktop.ini
c:\windows\$NtUninstallKB42302$\375042916\L\abfmnlcq
c:\windows\system32\adsservice.dll
c:\windows\system32\aspi32.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\Invoker.dll
c:\windows\system32\proxyhostservice.dll
c:\windows\system32\wstcodec.dll
D:\Autorun.inf
c:\windows\$NtUninstallKB42302$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_F700imd
-------\Service_XTrapD12
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 03:17 . 2012-06-25 03:19 -------- d-----w- c:\users\Cassie\AppData\Local\temp
2012-06-25 03:17 . 2012-06-25 03:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 21:46 . 2012-06-20 21:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-20 21:46 . 2012-06-20 21:46 -------- d-----w- c:\users\Cassie\AppData\Roaming\Malwarebytes
2012-06-20 21:46 . 2012-06-20 21:46 -------- d-----w- c:\programdata\Malwarebytes
2012-06-20 21:46 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 21:46 . 2012-06-20 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 19:35 . 2012-06-20 19:41 -------- d-----w- c:\users\Cassie\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 19:25 . 2012-06-20 19:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-20 19:25 . 2012-06-20 19:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[-] 2009-07-13 23:12 . CFEAA825DFADADE466CAEFB461F2E8C0 . 74240 . . [------] . . c:\windows\System32\drivers\tdx.sys
[-] 2009-07-13 23:12 . CFEAA825DFADADE466CAEFB461F2E8C0 . 74240 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-10-26 103768]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Cassie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-08-18 03:33 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-06-20 40776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-05 1343400]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [2009-03-31 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-10-08 10752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - inspect
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
scarddrv
Ptserlp
nvsmu
NetTcpActivator
F700imd
XTrapD12
incdsrv
cdaudio
TPM
pshost
VHidMinidrv
tmmbd
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\User_Feed_Synchronization-{FA7B9D15-50BE-47FB-AEA0-71853748425C}.job
- c:\windows\system32\msfeedssync.exe [2011-09-29 05:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-06-24 20:27:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 03:27
.
Pre-Run: 35,044,069,376 bytes free
Post-Run: 34,866,434,048 bytes free
.
- - End Of File - - D45CB23EB42ECD1FB7527966D6AABB66



Thanks!
Glaswegian (Iain), authorized to help remove malware
Malware Removal Specialist with 3,823 posts.
 
Join Date: Dec 2004
Location: Erm...Glasgow?
25-Jun-2012, 05:41 PM #10
Hi again

Looks like you have a ZeroAccess rootkit.

Can you let me know if you have the Recovery Options available?

Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears – let me know if you have an option for Repair your computer.

You will need your flash drive as well.
TexasPete
Member with 41 posts.
THREAD STARTER
 
Join Date: Mar 2008
Experience: Intermediate
26-Jun-2012, 12:13 AM #11
I do have the 'Repair Your Computer' option listed under Advanced Boot Options.
Glaswegian (Iain), authorized to help remove malware
Malware Removal Specialist with 3,823 posts.
 
Join Date: Dec 2004
Location: Erm...Glasgow?
26-Jun-2012, 04:03 PM #12
Hi Cory

Excellent, we need to use the Recovery Environment to attack this infection without loading Windows.

You will need your flash drive for this.


For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
TexasPete
Member with 41 posts.
THREAD STARTER
 
Join Date: Mar 2008
Experience: Intermediate
26-Jun-2012, 10:08 PM #13
FRST Log
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 26-06-2012 19:02:33
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [217088 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [483428 2009-03-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103768 2009-10-26] (Citrix Systems, Inc.)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-07-07] ()
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [37888 2009-07-01] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-07-19] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
Startup: C:\Users\Cassie\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

================================ Services (Whitelisted) ==================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [557056 2009-07-13] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 SftService; "C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE" [636144 2009-04-17] (SoftThinks)
2 sprtsvc_DellSupportCenter; "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [201968 2009-06-03] (SupportSoft, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\STacSV.exe [254042 2009-03-31] (IDT, Inc.)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1202688 2009-07-13] (Microsoft Corporation)
2 cdaudio; C:\Windows\System32\adsservice.dll [x]
2 incdsrv; C:\Windows\System32\wstcodec.dll [x]
2 NetTcpActivator; C:\Windows\System32\CTEDSPSY.DLL.dll [x]
2 nvsmu; C:\Windows\System32\wmiapsrv.dll [x]
2 Ptserlp; C:\Windows\System32\wlluc48b.dll [x]
2 scarddrv; C:\Windows\System32\s117bus.dll [x]
2 tmmbd; C:\Windows\System32\PCISys.dll [x]
2 TPM; C:\Windows\System32\zpjava.dll [x]
2 VHidMinidrv; C:\Windows\System32\sfloppy.dll [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

========================== Drivers (Whitelisted) =============

3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-20] (Malwarebytes Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-13] ()
2 WinFLdrv; C:\Windows\System32\WinFLdrv.sys [10752 2009-10-07] ()
2 WinVd32; \??\C:\Windows\system32\WinVd32.sys [180224 2009-10-07] ()
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)
3 catchme; \??\C:\Users\Cassie\AppData\Local\Temp\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: scarddrv -> C:\Windows\system32\s117bus.dll ==> No File.
NETSVC: Ptserlp -> C:\Windows\system32\wlluc48b.dll ==> No File.
NETSVC: nvsmu -> C:\Windows\system32\wmiapsrv.dll ==> No File.
NETSVC: NetTcpActivator -> C:\Windows\system32\CTEDSPSY.DLL.dll ==> No File.
NETSVC: F700imd -> No Registry Path.
NETSVC: XTrapD12 -> No Registry Path.
NETSVC: incdsrv -> C:\Windows\system32\wstcodec.dll ==> No File.
NETSVC: cdaudio -> C:\Windows\system32\adsservice.dll ==> No File.
NETSVC: TPM -> C:\Windows\system32\zpjava.dll ==> No File.
NETSVC: pshost -> No Registry Path.
NETSVC: VHidMinidrv -> C:\Windows\system32\sfloppy.dll ==> No File.
NETSVC: tmmbd -> C:\Windows\system32\PCISys.dll ==> No File.

============ One Month Created Files and Folders ==============

2012-06-26 19:02 - 2012-06-26 19:02 - 00000000 ____D C:\FRST
2012-06-24 19:53 - 2012-06-24 19:52 - 00739808 ____A (Google Inc.) C:\Users\Cassie\Desktop\ChromeSetup.exe
2012-06-24 19:40 - 2012-06-24 19:40 - 00009919 ____A C:\Users\Cassie\Desktop\ComboFix.txt
2012-06-24 19:27 - 2012-06-24 19:27 - 00009919 ____A C:\ComboFix.txt
2012-06-24 10:33 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-23 10:21 - 2012-06-23 10:21 - 00145960 ____A C:\Windows\Minidump\062312-31418-01.dmp
2012-06-23 10:19 - 2012-06-23 10:19 - 00145960 ____A C:\Windows\Minidump\062312-35505-01.dmp
2012-06-23 10:17 - 2012-06-23 10:18 - 00145960 ____A C:\Windows\Minidump\062312-43664-01.dmp
2012-06-23 10:15 - 2012-06-23 10:16 - 00145960 ____A C:\Windows\Minidump\062312-41917-02.dmp
2012-06-23 10:13 - 2012-06-23 10:13 - 00145960 ____A C:\Windows\Minidump\062312-41917-01.dmp
2012-06-23 10:11 - 2012-06-23 10:20 - 234598243 ____A C:\Windows\MEMORY.DMP
2012-06-23 10:11 - 2012-06-23 10:11 - 00145960 ____A C:\Windows\Minidump\062312-42135-01.dmp
2012-06-23 09:49 - 2010-11-20 00:39 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.svs
2012-06-23 09:31 - 2012-06-23 09:31 - 04565820 ____R (Swearware) C:\Users\Cassie\Desktop\ComboFix.exe
2012-06-23 09:16 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-23 09:16 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-23 09:16 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-23 09:16 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-23 09:16 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-23 09:16 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-23 09:16 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-23 09:15 - 2012-06-24 19:27 - 00000000 ___AD C:\Qoobox
2012-06-23 09:14 - 2012-06-24 19:25 - 00000000 ____D C:\Windows\erdnt
2012-06-21 15:39 - 2012-06-21 15:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-06-21 14:37 - 2012-06-21 14:37 - 01111600 ____A C:\Users\Cassie\Desktop\ark.log
2012-06-21 13:41 - 2012-06-25 20:13 - 00022684 ____A C:\Windows\setupact.log
2012-06-21 13:41 - 2012-06-21 13:41 - 00000000 ____A C:\Windows\setuperr.log
2012-06-21 10:40 - 2012-06-21 10:40 - 00302592 ____A C:\Users\Cassie\Desktop\5hv40dmj.exe
2012-06-21 10:39 - 2012-06-21 10:39 - 00006977 ____A C:\Users\Cassie\Desktop\Attach.txt
2012-06-21 10:37 - 2012-06-21 10:37 - 00011722 ____A C:\Users\Cassie\Desktop\DDS.txt
2012-06-21 10:29 - 2012-06-21 10:29 - 00607260 ____R (Swearware) C:\Users\Cassie\Desktop\dds.scr
2012-06-21 10:24 - 2012-06-21 10:24 - 00008684 ____A C:\Users\Cassie\Desktop\hijackthis.log
2012-06-21 10:22 - 2012-06-21 10:22 - 00388608 ____A (Trend Micro Inc.) C:\Users\Cassie\Desktop\HijackThis.exe
2012-06-20 13:46 - 2012-06-20 13:47 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-20 13:46 - 2012-06-20 13:46 - 00000000 ____D C:\Users\Cassie\AppData\Roaming\Malwarebytes
2012-06-20 13:46 - 2012-06-20 13:46 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-20 13:46 - 2012-06-20 13:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-20 13:46 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-20 11:35 - 2012-06-20 11:41 - 00000000 ____D C:\Users\Cassie\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 11:25 - 2012-06-20 11:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-20 11:25 - 2012-06-20 11:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-20 11:19 - 2012-06-23 10:20 - 00003281 ____A C:\aaw7boot.log
2012-06-20 11:13 - 2012-06-20 11:17 - 00001986 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

============ 3 Months Modified Files and Folders ===============

2012-06-26 17:58 - 2011-08-04 02:16 - 01328237 ____A C:\Windows\WindowsUpdate.log
2012-06-25 20:20 - 2011-08-04 01:37 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 20:20 - 2011-08-04 01:37 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 20:13 - 2012-06-21 13:41 - 00022684 ____A C:\Windows\setupact.log
2012-06-25 20:13 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 19:52 - 2012-06-24 19:53 - 00739808 ____A (Google Inc.) C:\Users\Cassie\Desktop\ChromeSetup.exe
2012-06-24 19:40 - 2012-06-24 19:40 - 00009919 ____A C:\Users\Cassie\Desktop\ComboFix.txt
2012-06-24 19:27 - 2012-06-24 19:27 - 00009919 ____A C:\ComboFix.txt
2012-06-24 19:27 - 2012-06-23 09:15 - 00000000 ___AD C:\Qoobox
2012-06-24 19:27 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2012-06-24 19:27 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-06-24 19:25 - 2012-06-23 09:14 - 00000000 ____D C:\Windows\erdnt
2012-06-24 19:19 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-06-24 19:18 - 2011-08-04 02:01 - 00025816 ____A C:\Windows\PFRO.log
2012-06-24 19:18 - 2009-07-13 18:03 - 49709056 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-06-24 19:18 - 2009-07-13 18:03 - 29360128 ____A C:\Windows\System32\config\SYSTEM.bak
2012-06-24 19:18 - 2009-07-13 18:03 - 00274432 ____A C:\Windows\System32\config\DEFAULT.bak
2012-06-24 19:18 - 2009-07-13 18:03 - 00057344 ____A C:\Windows\System32\config\SAM.bak
2012-06-24 19:18 - 2009-07-13 18:03 - 00024576 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-24 18:54 - 2009-11-21 20:33 - 00000000 ____D C:\Program Files\COMODO
2012-06-24 10:39 - 2009-07-13 18:37 - 00000000 ___DC C:\Windows\$NtUninstallKB42302$
2012-06-24 10:32 - 2009-11-21 21:01 - 00000000 __HDC C:\Users\All Users\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2012-06-24 10:32 - 2009-11-21 21:00 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-06-23 10:21 - 2012-06-23 10:21 - 00145960 ____A C:\Windows\Minidump\062312-31418-01.dmp
2012-06-23 10:21 - 2011-08-04 02:25 - 00000000 ____D C:\Windows\Minidump
2012-06-23 10:20 - 2012-06-23 10:11 - 234598243 ____A C:\Windows\MEMORY.DMP
2012-06-23 10:20 - 2012-06-20 11:19 - 00003281 ____A C:\aaw7boot.log
2012-06-23 10:19 - 2012-06-23 10:19 - 00145960 ____A C:\Windows\Minidump\062312-35505-01.dmp
2012-06-23 10:18 - 2012-06-23 10:17 - 00145960 ____A C:\Windows\Minidump\062312-43664-01.dmp
2012-06-23 10:17 - 2011-08-04 01:38 - 00000000 ____D C:\users\Cassie
2012-06-23 10:16 - 2012-06-23 10:15 - 00145960 ____A C:\Windows\Minidump\062312-41917-02.dmp
2012-06-23 10:13 - 2012-06-23 10:13 - 00145960 ____A C:\Windows\Minidump\062312-41917-01.dmp
2012-06-23 10:11 - 2012-06-23 10:11 - 00145960 ____A C:\Windows\Minidump\062312-42135-01.dmp
2012-06-23 10:11 - 2011-08-04 11:37 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-06-23 10:08 - 2011-08-04 11:47 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2012-06-23 09:31 - 2012-06-23 09:31 - 04565820 ____R (Swearware) C:\Users\Cassie\Desktop\ComboFix.exe
2012-06-21 15:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-21 15:39 - 2012-06-21 15:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-06-21 14:37 - 2012-06-21 14:37 - 01111600 ____A C:\Users\Cassie\Desktop\ark.log
2012-06-21 13:41 - 2012-06-21 13:41 - 00000000 ____A C:\Windows\setuperr.log
2012-06-21 10:40 - 2012-06-21 10:40 - 00302592 ____A C:\Users\Cassie\Desktop\5hv40dmj.exe
2012-06-21 10:39 - 2012-06-21 10:39 - 00006977 ____A C:\Users\Cassie\Desktop\Attach.txt
2012-06-21 10:37 - 2012-06-21 10:37 - 00011722 ____A C:\Users\Cassie\Desktop\DDS.txt
2012-06-21 10:29 - 2012-06-21 10:29 - 00607260 ____R (Swearware) C:\Users\Cassie\Desktop\dds.scr
2012-06-21 10:24 - 2012-06-21 10:24 - 00008684 ____A C:\Users\Cassie\Desktop\hijackthis.log
2012-06-21 10:22 - 2012-06-21 10:22 - 00388608 ____A (Trend Micro Inc.) C:\Users\Cassie\Desktop\HijackThis.exe
2012-06-20 13:47 - 2012-06-20 13:46 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-20 13:46 - 2012-06-20 13:46 - 00000000 ____D C:\Users\Cassie\AppData\Roaming\Malwarebytes
2012-06-20 13:46 - 2012-06-20 13:46 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-20 13:46 - 2012-06-20 13:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-20 11:41 - 2012-06-20 11:35 - 00000000 ____D C:\Users\Cassie\AppData\Roaming\Ad-Aware Antivirus
2012-06-20 11:25 - 2012-06-20 11:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-20 11:25 - 2012-06-20 11:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-20 11:17 - 2012-06-20 11:13 - 00001986 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-06-20 11:13 - 2010-11-26 13:18 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-20 11:13 - 2009-09-19 00:00 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-20 11:11 - 2009-09-27 17:32 - 00000000 ____D C:\Users\Cassie\AppData\Local\Adobe
2012-04-04 14:56 - 2012-06-20 13:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2008.36 MB
Available physical RAM: 1615.04 MB
Total Pagefile: 2008.36 MB
Available Pagefile: 1613.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.95 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:32.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.71 GB) NTFS
5 Drive g: () (Removable) (Total:3.76 GB) (Free:1.6 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3861 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 134 GB 14 GB

=========================================================================== ===========================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================================== ===========================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

=========================================================================== ===========================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 134 GB Healthy

=========================================================================== ===========================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3856 MB 4568 KB

=========================================================================== ===========================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3856 MB Healthy

=========================================================================== ===========================

==========================================================

Last Boot: 2012-06-19 07:49

======================= End Of Log ==========================
Glaswegian (Iain), authorized to help remove malware
Malware Removal Specialist with 3,823 posts.
 
Join Date: Dec 2004
Location: Erm...Glasgow?
27-Jun-2012, 05:20 PM #14
Hi again

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flash drive as fixlist.txt

Plug the flashdrive into the infected PC.

Code:
2012-06-21 10:40 - 2012-06-21 10:40 - 00302592 ____A C:\Users\Cassie\Desktop\5hv40dmj.exe
2012-06-24 10:39 - 2009-07-13 18:37 - 00000000 ___DC C:\Windows\$NtUninstallKB42302$
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
TexasPete
Member with 41 posts.
THREAD STARTER
 
Join Date: Mar 2008
Experience: Intermediate
28-Jun-2012, 02:02 AM #15
Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-27 23:00:06 Run:1
Running from G:\

==============================================

C:\Users\Cassie\Desktop\5hv40dmj.exe moved successfully.
C:\Windows\$NtUninstallKB42302$ moved successfully.

==== End of Fixlog ====