Extras: OTL Extras logfile created on: 2010-10-23 15:36:57 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 23,17 Gb Free Space | 39,55% Space Free | Partition Type: NTFS Drive D: | 115,24 Gb Total Space | 4,13 Gb Free Space | 3,59% Space Free | Partition Type: NTFS Drive E: | 101,56 Gb Total Space | 12,73 Gb Free Space | 12,54% Space Free | Partition Type: NTFS Drive F: | 146,60 Gb Total Space | 72,01 Gb Free Space | 49,12% Space Free | Partition Type: NTFS Drive G: | 117,65 Gb Total Space | 47,66 Gb Free Space | 40,51% Space Free | Partition Type: NTFS Computer Name: BIKOP1276 | User Name: Boredor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "9754:TCP" = 9754:TCP:*:Enabled:BitComet 9754 TCP "9754:UDP" = 9754:UDP:*:Enabled:BitComet 9754 UDP "12560:TCP" = 12560:TCP:*:Enabled:BitComet 12560 TCP "12560:UDP" = 12560:UDP:*:Enabled:BitComet 12560 UDP "12254:TCP" = 12254:TCP:*:Enabled:12254 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com) "C:\Program Files\Udostępnianie DVD lub CD\RemoteInstallMacOSX.exe" = C:\Program Files\Udostępnianie DVD lub CD\RemoteInstallMacOSX.exe:LocalSubNet:Enabled:Asystent instalacji zdalnej -- (Apple Inc.) "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Program Files\Udostępnianie DVD lub CD\ODSAgent.exe" = C:\Program Files\Udostępnianie DVD lub CD\ODSAgent.exe:LocalSubNet:Disabled:Udostępnianie DVD lub CD -- (Apple Inc.) "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgui.exe" = C:\Program Files\AVG\AVG9\avgui.exe:*:Enabled:Interfejs użytkownika AVG Free -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgtray.exe" = C:\Program Files\AVG\AVG9\avgtray.exe:*:Enabled:Tray ikona AVG Free -- (AVG Technologies CZ, s.r.o.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r320) "{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations "{19700927-105D-3812-8548-53EDA3F5A22D}" = Microsoft Visual Web Developer 2008 Express Edition - ENU "{1A995D22-F711-4199-83D4-579B593A46C5}" = TMPGEnc DVD Author 1.6 "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU "{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3778C674-FFC5-42B3-9B19-5FC816C96919}" = Radiotracker "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{3C7EEEC3-464F-3FE9-8795-3CC8B4EAD82A}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU "{5BBC0864-D5FC-4A5E-8346-5450B9B57EEE}" = Speech 5.1 English Engines "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86EC42B5-346E-4BAB-948D-58E021EA4BD1}" = ATI Catalyst Control Center "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007 "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}" = HPDeskjet5900Series "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0 "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BCA2295A-035C-460D-9B75-4671518DC000}" = Udostępnianie DVD lub CD "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D155D300-C235-44FC-981C-F7B34683439C}" = Paragon Drive Backup 8.51 Professional Trial "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}" = Atheros Wireless LAN "{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions "{E2C00C8C-3D0C-40DF-BC67-44321C9E1045}" = Nero 8 Trial "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E69DE34E-AF8A-4731-9A5C-CD056192B615}" = In Company Pre-intermediate "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{EE3A1D30-B97D-4EC0-BA65-EEE4131ECA9A}" = AirPlus XtremeG DWL-G520 "{EE7AF1A0-8E50-4322-A8FA-E96C01369B40}" = TechniSat TV Center "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "AC3Filter" = AC3Filter (remove only) "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI "ALLPlayer V2.1" = ALLPlayer V2.1 "Any Video Converter_is1" = Any Video Converter 3.0.7 "Aplikacje w Delphi. Przykłady. Wydanie II" = Aplikacje w Delphi. Przykłady. Wydanie II "Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.5.2 "ASCOM Platform 4.1" = ASCOM Platform 4.1 "ATI Display Driver" = ATI Display Driver "AVG9Uninstall" = AVG Free 9.0 "AviSynth" = AviSynth 2.5 "BitComet" = BitComet 1.09 "camcodec" = CamStudio Lossless Codec "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DivX Codec" = Remove DivX Pro Codec "DivX Player" = DivX Player "Dr. DivX 1.0.4" = Dr. DivX 1.0.4 "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab Gold_is1" = DVDFab Gold 3.1.3.2 "EarthView" = EarthView "eMaestro! - Język angielski_is1" = eMaestro! 1.0.1 "ENTERPRISE" = Microsoft Office Enterprise 2007 "ET3" = English Translator 3 "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60 "FTDICOMM" = FTDI USB Serial Converter Drivers "Gordian Knot" = Gordian Knot Rip Pack 0.35.0 "Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio "HP Imaging Device Functions" = HP Imaging Device Functions 5.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{E69DE34E-AF8A-4731-9A5C-CD056192B615}" = In Company Pre-intermediate "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Corporate) "Lektury na CD_is1" = Lektury na CD "Matura" = Matura "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU "Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU "Microsoft Visual Web Developer 2008 Express Edition - ENU" = Microsoft Visual Web Developer 2008 Express Edition - ENU "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2 "nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8 "Network Stumbler" = Network Stumbler 0.4.0 (remove only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Prof60_Rozum_is1" = Profesor Henry 6.0 Rozumienie ze słuchu i konwersacje "RealAlt_is1" = Real Alternative 1.9.0 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "Sterownik klucza HASP" = Sterownik klucza HASP "SuperMemo Basic English" = SuperMemo Basic English "SuperMemo UX - Angielski. No problem!+ 1" = SuperMemo UX - Angielski. No problem!+ 1 "SuperMemo UX - Angielski. No problem!+ 2" = SuperMemo UX - Angielski. No problem!+ 2 "SuperMemo UX - Błyskawiczny kurs ortografii polskiej" = SuperMemo UX - Błyskawiczny kurs ortografii polskiej "SuperMemo UX - Matematyka - repetytorium" = SuperMemo UX - Matematyka - repetytorium "SuperMemo UX - Mobilne rozmówki angielskie " = SuperMemo UX - Mobilne rozmówki angielskie "SystemRequirementsLab" = System Requirements Lab "Szkoła Hakerów - Odtwarzacz filmów instruktażowych" = Szkoła Hakerów - Odtwarzacz filmów instruktażowych (remove only) "Teleport Pro" = Teleport Pro "Totalcmd" = Total Commander (Remove or Repair) "Trojan Remover_is1" = Trojan Remover 6.8.2 "Turbo Pascal 7.0" = Turbo Pascal 7.0 "TurboRuby" = TurboRuby "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "Winspector - Ultimate Windows Spy Utility_is1" = Winspector "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "wpp" = Oxford Wordpower: polskie wydanie "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xp-AntiSpy" = xp-AntiSpy 3.97-9 "YDP Flash Speech Recognition Support" = YDP Flash Speech Recognition Support 1.2 "YouRipper240" = YouRipper "YouTube Video Downloader_is1" = YouTube Video Downloader V2.0 [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "09f5f2d7a8529096" = AntRunner "DMGExtractor" = DMGExtractor "Tile-based game" = Tile-based game [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-10-23 07:50:13 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 2010-10-23 07:50:13 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 2010-10-23 07:57:50 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 2010-10-23 07:57:50 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 2010-10-23 08:02:00 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 2010-10-23 08:02:00 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 2010-10-23 08:03:09 | Computer Name = BIKOP1276 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca avgui.exe, wersja 9.0.0.862, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-10-23 08:03:12 | Computer Name = BIKOP1276 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca avgui.exe, wersja 9.0.0.862, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-10-23 09:34:10 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 2010-10-23 09:34:10 | Computer Name = BIKOP1276 | Source = MSSQL$SQLEXPRESS | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. [ OSession Events ] Error - 2009-05-08 11:43:53 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 713 seconds with 420 seconds of active time. This session ended with a crash. Error - 2009-05-08 12:24:49 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2441 seconds with 2100 seconds of active time. This session ended with a crash. Error - 2009-05-18 11:12:29 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1984 seconds with 1920 seconds of active time. This session ended with a crash. Error - 2009-05-18 11:59:23 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2809 seconds with 1440 seconds of active time. This session ended with a crash. Error - 2009-06-07 12:34:30 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2517 seconds with 2280 seconds of active time. This session ended with a crash. Error - 2009-07-01 11:41:46 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 981 seconds with 780 seconds of active time. This session ended with a crash. Error - 2009-07-01 12:42:22 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3633 seconds with 1320 seconds of active time. This session ended with a crash. Error - 2009-12-05 19:39:29 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. Error - 2009-12-05 21:46:53 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 43 seconds with 0 seconds of active time. This session ended with a crash. Error - 2010-09-11 15:24:13 | Computer Name = ARMAREH-9D57A49 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 9988 seconds with 8940 seconds of active time. This session ended with a crash. [ System Events ] Error - 2010-10-23 09:25:43 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7023 Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-10-23 09:25:43 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7023 Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-10-23 09:25:43 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7023 Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-10-23 09:25:43 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7023 Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-10-23 09:25:43 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7023 Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-10-23 09:25:44 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7023 Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-10-23 09:33:58 | Computer Name = BIKOP1276 | Source = sptd | ID = 262148 Description = Sterownik wykrył błąd wewnętrzny w swoich strukturach danych dla . Error - 2010-10-23 09:34:16 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7023 Description = Usługa HID Input Service zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-10-23 09:34:19 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: sptd Error - 2010-10-23 09:34:21 | Computer Name = BIKOP1276 | Source = Service Control Manager | ID = 7034 Description = Usługa MySql niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. < End of report > OTL: OTL logfile created on: 2010-10-23 15:36:57 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 23,17 Gb Free Space | 39,55% Space Free | Partition Type: NTFS Drive D: | 115,24 Gb Total Space | 4,13 Gb Free Space | 3,59% Space Free | Partition Type: NTFS Drive E: | 101,56 Gb Total Space | 12,73 Gb Free Space | 12,54% Space Free | Partition Type: NTFS Drive F: | 146,60 Gb Total Space | 72,01 Gb Free Space | 49,12% Space Free | Partition Type: NTFS Drive G: | 117,65 Gb Total Space | 47,66 Gb Free Space | 40,51% Space Free | Partition Type: NTFS Computer Name: BIKOP1276 | User Name: Boredor | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-10-23 15:15:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\OTL.exe PRC - [2010-10-04 16:20:49 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2010-09-29 17:23:46 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PRC - [2010-09-29 17:23:41 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2010-09-24 18:28:47 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre6\bin\jqs.exe PRC - [2010-07-16 00:25:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010-07-16 00:25:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2010-07-16 00:25:20 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010-07-16 00:25:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010-03-09 09:58:32 | 001,738,352 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe PRC - [2009-12-09 08:36:56 | 000,866,200 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-07-12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007-01-19 12:49:26 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe PRC - [2006-11-13 15:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006-11-13 15:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2001-11-27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-10-23 15:15:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\OTL.exe MOD - [2010-09-29 17:24:26 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008-04-14 23:50:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll MOD - [2008-04-14 23:49:56 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll MOD - [2008-04-14 23:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010-09-29 17:23:41 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010-07-17 05:00:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2010-07-16 00:25:40 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010-04-19 10:25:38 | 000,430,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2009-10-10 05:26:08 | 000,458,432 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\HDInspectorPortable\App\HDInspector\HDDSvc.exe -- (HDDSvc) SRV - [2009-03-31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007-07-12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007-01-19 12:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2003-09-14 22:08:14 | 002,928,700 | ---- | M] () [Auto | Stopped] -- c:\usr/MYSQL/bin/mysqld.exe -- (MySql) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Boredor\USTAWI~1\Temp\catchme.sys -- (catchme) DRV - [2010-09-29 17:24:26 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect) DRV - [2010-09-29 17:24:25 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2010-09-29 17:24:25 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2010-07-16 00:25:42 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010-07-16 00:25:20 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010-06-24 15:54:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010-03-09 09:58:30 | 000,018,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009-11-14 16:59:52 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2009-11-05 00:57:05 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009-07-28 10:55:00 | 000,143,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009-05-07 20:57:48 | 001,351,104 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ts_athw.sys -- (TS_AR5416) DRV - [2009-03-31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-03-20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009-03-20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009-03-20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009-02-27 14:29:23 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008-10-06 05:58:38 | 000,547,744 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB) DRV - [2008-08-05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008-04-14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008-04-14 01:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883) DRV - [2008-04-14 01:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc) DRV - [2008-04-14 01:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV) DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008-04-13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-11-06 09:06:48 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2007-11-06 09:06:48 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2007-11-06 09:06:48 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus) DRV - [2007-09-17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-07-12 17:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2007-06-13 17:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2007-05-12 17:39:32 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2007-01-22 23:28:50 | 000,689,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr) DRV - [2006-11-22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006-10-26 10:55:10 | 000,253,952 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TTFEDVBn.sys -- (PTDVB) DRV - [2006-10-26 10:41:04 | 000,081,024 | R--- | M] (TechnoTrend AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TTCap46n.sys -- (Cap7146_DVB) DRV - [2006-01-04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2005-12-19 15:02:36 | 000,060,572 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2005-12-19 15:02:36 | 000,028,449 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2005-08-26 15:58:40 | 000,438,891 | ---- | M] (Atheros Communications, Inc. and WildPackets, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005-08-04 05:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005-06-01 12:07:24 | 000,005,314 | R--- | M] (Apogee Instruments) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\apogeeio.sys -- (ApogeeIO) DRV - [2005-06-01 12:07:14 | 000,007,610 | R--- | M] (Diffraction Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\maximio.sys -- (MaxImIO) DRV - [2005-02-04 18:12:50 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2004-06-21 17:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2004-03-24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5) DRV - [2004-03-10 17:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k) DRV - [2003-09-24 11:24:20 | 000,276,981 | ---- | M] (Atheros Communications, Inc. and WildPackets, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5210b.sys -- (ATHER) DRV - [2002-03-19 11:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI) DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.onet.pl/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search" FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=14542" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.9.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002 FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-09-24 18:29:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010-06-23 23:15:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\jre6\lib\deploy\jqs\ff [2010-03-10 22:47:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-28 20:24:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-10 19:34:40 | 000,000,000 | ---D | M] [2009-11-28 01:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Extensions [2010-08-28 20:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Firefox\Profiles\hxfmhzn2.default\extensions [2010-06-21 19:14:42 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Firefox\Profiles\hxfmhzn2.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37} [2010-05-01 19:33:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Firefox\Profiles\hxfmhzn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-02 19:14:31 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Firefox\Profiles\hxfmhzn2.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5} [2010-05-07 23:17:06 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Firefox\Profiles\hxfmhzn2.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2010-06-02 19:13:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Firefox\Profiles\hxfmhzn2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010-08-27 16:02:05 | 000,000,000 | ---D | M] (Babylon-English Toolbar) -- C:\Documents and Settings\Boredor\Dane aplikacji\Mozilla\Firefox\Profiles\hxfmhzn2.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad} [2010-09-27 18:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-04-16 22:12:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-09-27 18:59:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2008-11-11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-06-03 16:18:14 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-08-27 16:02:03 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml [2010-06-03 16:18:14 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-06-03 16:18:14 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-03 16:18:14 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-03 16:18:14 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-03 16:18:14 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-10-22 20:36:51 | 000,000,022 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Tray ikona AVG Free.lnk = C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.) O4 - Startup: C:\Documents and Settings\Boredor\Menu Start\Programy\Autostart\autoruns.exe (Sysinternals - www.sysinternals.com) O4 - Startup: C:\Documents and Settings\Boredor\Menu Start\Programy\Autostart\AVG Free 9.0.lnk = C:\Program Files\AVG\AVG9\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - Startup: C:\Documents and Settings\Boredor\Menu Start\Programy\Autostart\COMODO Firewall.lnk = C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Boredor\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Boredor\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-02-21 17:37:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-10-23 15:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY [2010-10-22 20:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2010-10-19 23:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010-10-19 23:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010-10-14 16:03:20 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010-10-14 16:03:20 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010-10-14 16:03:13 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010-10-12 17:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010-10-12 17:20:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Boredor\Recent [2010-10-11 21:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boredor\Pulpit\JAVA ECLIPSE [2010-10-08 15:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\TP [2010-10-08 15:51:20 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe [2010-10-08 15:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boredor\Pulpit\TURBO PASCAL [2010-10-07 20:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2010-10-07 17:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink [2010-10-07 17:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink [2010-10-04 22:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock [2010-10-03 14:50:09 | 002,094,872 | ---- | C] (PeerBlock, LLC ) -- C:\Documents and Settings\Boredor\Pulpit\PeerBlock-Setup_v1.0+_r320.exe [2010-09-29 16:28:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-09-29 16:19:32 | 000,000,000 | ---D | C] -- C:\barbara [2010-09-27 19:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-09-27 18:59:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010-09-27 18:59:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010-09-27 18:59:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010-09-27 16:34:43 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2010-09-27 16:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2010-09-27 16:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2010-09-26 18:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft [2010-09-24 18:24:58 | 000,703,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Boredor\Menu Start\Programy\Autostart\autoruns.exe [2010-09-24 18:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boredor\Pulpit\Autoruns [2010-02-27 20:39:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Boredor\Dane aplikacji\pcouffin.sys [2010-01-02 12:01:10 | 003,509,760 | ---- | C] (Karol Winnicki) -- C:\Program Files\BESTplayer2130(dobreprogramy.pl).exe [2009-02-21 17:55:41 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-10-23 15:35:33 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-Boredor-Startup.job [2010-10-23 15:33:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-10-23 14:31:50 | 000,954,657 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\ZRZUT.zip [2010-10-23 13:59:03 | 000,981,504 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\ZRZUT.doc [2010-10-23 13:56:26 | 066,727,532 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010-10-23 13:50:02 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-10-22 20:36:51 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-10-22 20:36:37 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SpyHunter.lnk [2010-10-22 18:49:14 | 000,060,479 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\POTW_MAT_DYSK.pdf [2010-10-20 16:16:43 | 000,156,160 | ---- | M] () -- C:\Documents and Settings\Boredor\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-10-19 23:28:28 | 000,357,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-10-14 17:20:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-10-13 21:57:38 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\Cała sieć.lnk [2010-10-13 19:43:26 | 073,265,568 | ---- | M] () -- C:\Documents and Settings\Boredor\Moje dokumenty\Matematyka_dyskretna_-_K.A.Ross_C.R.B.Wright.pdf [2010-10-12 17:35:27 | 000,450,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-10-12 17:35:27 | 000,074,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-10-12 17:35:27 | 000,034,416 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-10-12 17:35:27 | 000,017,470 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-10-10 19:34:40 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-10-10 17:39:06 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\HiJackThis.lnk [2010-10-09 17:10:46 | 001,052,277 | ---- | M] () -- C:\Documents and Settings\Boredor\Moje dokumenty\supermemo09102010.bak [2010-10-08 16:43:42 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\Skrót do WORK.lnk [2010-10-08 15:52:29 | 000,000,000 | ---- | M] () -- C:\TP0FE063.$$$ [2010-10-07 20:19:56 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk [2010-10-07 20:19:55 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\WinZip.lnk [2010-10-07 17:59:30 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\DVD Shrink 3.2 PL.lnk [2010-10-06 19:15:08 | 000,007,873 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\bez_danych_osob.xlsx [2010-10-04 22:07:39 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Boredor\Pulpit\PeerBlock.lnk [2010-10-03 21:00:09 | 000,000,282 | RHS- | M] () -- C:\boot.ini [2010-10-03 14:50:12 | 002,094,872 | ---- | M] (PeerBlock, LLC ) -- C:\Documents and Settings\Boredor\Pulpit\PeerBlock-Setup_v1.0+_r320.exe [2010-10-02 09:30:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-09-29 17:24:26 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010-09-29 17:24:26 | 000,091,560 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2010-09-29 17:24:25 | 000,239,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2010-09-29 17:24:25 | 000,025,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2010-09-29 17:24:25 | 000,015,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [2010-09-26 22:25:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-09-24 20:47:08 | 000,000,119 | ---- | M] () -- C:\WINDOWS\Podcasts.INI [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-10-23 14:31:50 | 000,954,657 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\ZRZUT.zip [2010-10-23 13:59:02 | 000,981,504 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\ZRZUT.doc [2010-10-22 20:36:37 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SpyHunter.lnk [2010-10-22 18:49:14 | 000,060,479 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\POTW_MAT_DYSK.pdf [2010-10-14 17:16:47 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010-10-13 21:57:38 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\Cała sieć.lnk [2010-10-13 19:43:24 | 073,265,568 | ---- | C] () -- C:\Documents and Settings\Boredor\Moje dokumenty\Matematyka_dyskretna_-_K.A.Ross_C.R.B.Wright.pdf [2010-10-10 19:34:40 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-10-09 17:10:46 | 001,052,277 | ---- | C] () -- C:\Documents and Settings\Boredor\Moje dokumenty\supermemo09102010.bak [2010-10-08 16:43:42 | 000,000,546 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\Skrót do WORK.lnk [2010-10-08 15:52:29 | 000,000,000 | ---- | C] () -- C:\TP0FE063.$$$ [2010-10-07 20:19:56 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk [2010-10-07 20:19:54 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\WinZip.lnk [2010-10-07 17:59:30 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\DVD Shrink 3.2 PL.lnk [2010-10-06 19:15:07 | 000,007,873 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\bez_danych_osob.xlsx [2010-10-04 22:07:39 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Boredor\Pulpit\PeerBlock.lnk [2010-07-16 16:21:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2010-07-16 16:21:27 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2010-07-16 16:21:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2010-07-16 16:21:27 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2010-06-20 15:58:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\NetworkService\Dane aplikacji\$_hpcst$.hpc [2010-06-01 23:38:32 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2010-05-02 11:41:44 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll [2010-04-24 23:12:31 | 000,011,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys [2010-04-24 23:11:26 | 004,244,744 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll [2010-04-24 23:11:26 | 000,247,560 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll [2010-04-24 23:11:26 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll [2010-04-23 21:33:03 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI [2010-04-16 22:04:09 | 000,326,163 | ---- | C] () -- C:\Documents and Settings\Boredor\Dane aplikacji\Update_HP_RedboxHprblog_HPSU.log [2010-04-16 22:04:09 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2010-04-16 21:56:14 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2010-04-16 21:55:39 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2010-04-16 21:55:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2010-04-10 11:49:27 | 000,000,103 | ---- | C] () -- C:\WINDOWS\pro.INI [2010-03-23 21:45:37 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010-03-23 21:45:37 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010-03-23 21:45:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Boredor\Dane aplikacji\$_hpcst$.hpc [2010-02-27 20:39:15 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Boredor\Dane aplikacji\pcouffin.log [2010-02-27 20:39:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Boredor\Dane aplikacji\pcouffin.cat [2010-02-27 20:39:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Boredor\Dane aplikacji\pcouffin.inf [2009-12-12 11:52:39 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009-12-12 11:52:39 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\7118ACD2B7.sys [2009-11-25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-15 22:16:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll [2009-11-15 22:16:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll [2009-11-14 16:59:52 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2009-11-04 22:15:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2009-10-10 16:24:19 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-10-10 16:24:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Boredor\Dane aplikacji\PnkBstrK.sys [2009-10-10 16:22:49 | 000,000,290 | ---- | C] () -- C:\WINDOWS\game.ini [2009-06-12 06:49:04 | 000,000,251 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI [2009-03-31 18:03:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-03-22 16:36:11 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-03-22 16:36:10 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-03-18 18:38:33 | 000,000,121 | ---- | C] () -- C:\WINDOWS\impresja.ini [2009-03-14 19:08:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2009-03-08 18:47:07 | 000,000,824 | ---- | C] () -- C:\WINDOWS\flax.ini [2009-03-04 23:41:49 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Boredor\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-03-03 14:25:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI [2009-03-03 13:57:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2009-02-26 22:33:23 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2009-02-26 22:33:23 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2009-02-26 22:33:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2009-02-26 22:33:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2009-02-26 22:33:17 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009-02-26 22:33:11 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2009-02-26 22:16:49 | 000,156,160 | ---- | C] () -- C:\Documents and Settings\Boredor\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-02-21 20:50:59 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-02-21 18:30:23 | 000,004,484 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-02-21 17:55:30 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008-04-20 11:03:09 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2007-10-25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2005-06-01 12:07:24 | 000,007,536 | R--- | C] () -- C:\WINDOWS\System32\drivers\ccdpar.sys [2004-09-24 01:31:08 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll [2004-07-29 19:08:30 | 000,028,801 | ---- | C] () -- C:\WINDOWS\php.ini [2004-03-18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:848A8D00 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report > GMER; GMER 1.0.15.15477 - http://www.gmer.net Rootkit scan 2010-10-23 17:33:04 Windows 5.1.2600 Dodatek Service Pack 3 Running: miniu2r1.exe; Driver: C:\DOCUME~1\Boredor\USTAWI~1\Temp\uwdyypod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB127A7B6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB1279D66] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB127A41C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB127B02A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB1279C42] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB127D0E8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB127D46E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB127962E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB127A9A2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB127ABA2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB1279434] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB127B768] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB127B9BE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB127CAF8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB1279FFE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB127A5F8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB127B01A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB1279062] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB127A2A2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB1279266] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB127BBCC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB127C020] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB127BDDE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB127B580] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB127C590] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB127C844] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB127ADF2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB127CDF0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB127B2F8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB1279F98] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB127A18E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB1279A44] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB1279832] INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) AEAE716D INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) AEAE6FC2 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 4 Bytes CALL B5016D1D .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xAE8DD400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE981620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAE981620] .protect˙˙˙˙hardlockunknown last code section [0xAE981400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xAE981400, 0x5126, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgnsx.exe[316] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[804] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012D0001 .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[848] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[860] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1064] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1120] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005017E0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005181B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1296] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1424] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\MsPMSPSv.exe[1504] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1572] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[1840] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0078CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0077CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0078CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0078CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0078CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0078CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0078C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0078CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0078CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0078C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0078CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0078CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0078CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0078C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0078A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0078CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0078CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0078CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 0078CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!LoadLibraryExW + 4 7C801AF9 3 Bytes [83, CC, CC] {OR ESP, -0x34} .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0078CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0078CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00787790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00788320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0078CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0078CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0078CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0078CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0078CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0078CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0078CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0078CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0078CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0078CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0078CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0078CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0078CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0078CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0078CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0078CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0078CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0078CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0078CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0078CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0078E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 0078D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [9B, 88, CC, CC] {WAIT ; MOV AH, CL; INT 3 } .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 007862C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 0078D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00786BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 0078DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 0078DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0078C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0078C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0078CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0078C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 0078E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 0078E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\jre6\bin\jqs.exe[2000] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\jre6\bin\jqs.exe[2000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgrsx.exe[2412] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Boredor\Pulpit\ANTY WIRUSY\miniu2r1.exe[2484] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08330001 .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\Explorer.EXE[2672] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\System32\alg.exe[2856] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\System32\alg.exe[2856] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] WININET.dll!InternetConnectA 3FD0DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] WININET.dll!InternetConnectW 3FD0F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\ctfmon.exe[3592] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\ctfmon.exe[3592] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\AVG\AVG9\avgtray.exe[3892] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ADVAPI32.dll!OpenServiceW 77DD6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ADVAPI32.dll!OpenServiceW + 3 77DD7000 4 Bytes [25, 98, CC, CC] .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ADVAPI32.dll!OpenServiceA 77DE4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ADVAPI32.dll!CreateServiceA 77E27211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ADVAPI32.dll!CreateServiceW 77E273A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ole32.dll!CoCreateInstanceEx 774EF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\WinZip\WZQKPICK.EXE[3920] ole32.dll!CoGetClassObject 775051F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9C676E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9C677B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C67780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9C67740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9C67740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9C677B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9C676E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C67780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C67780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9C67740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9C677B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9C676E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9C67740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9C67780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9C676E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9C677B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9C676E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9C677B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9C67740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C67780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9C67740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9C677B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9C676E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9C67740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C67780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9C676E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9C677B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5FF50000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5FFD0000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5FF90000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 60090000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5FFD0000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5FF90000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5FFD0000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5FF90000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5FF90000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5FFD0000 IAT C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[168] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5FF90000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] 5F150000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgnsx.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[656] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\lsass.exe[860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\Ati2evxx.exe[1012] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1032] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1120] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1296] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1424] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\MsPMSPSv.exe[1504] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\spoolsv.exe[1656] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1840] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] 5F150000 IAT C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe[1880] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgwdsvc.exe[1892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\jre6\bin\jqs.exe[2000] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgchsvx.exe[2408] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgrsx.exe[2412] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgrsx.exe[2412] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgrsx.exe[2412] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgrsx.exe[2412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgrsx.exe[2412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgrsx.exe[2412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[2672] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\System32\alg.exe[2856] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[3316] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] 5F150000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] 5F150000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3564] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[3584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\WINDOWS\system32\ctfmon.exe[3592] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\PROGRA~1\MI3AA1~1\rapimgr.exe[3624] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\AVG\AVG9\avgtray.exe[3892] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F050000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] 5F190000 IAT C:\Program Files\WinZip\WZQKPICK.EXE[3920] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F0D0000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x97 0x9E 0xC4 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x97 0x9E 0xC4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x97 0x9E 0xC4 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 1.0.15 ----