Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I have a keylogger

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:50 am

.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 007A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 007A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 007A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 007A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 007A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 007A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 007A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 007A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 007A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 007A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 007A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 007A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 007A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 007A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 007A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [F8, 83]
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 007A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 007A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 007A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 007A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 007A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 007A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 007A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 007A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 007A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 007A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 007A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 007A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 007A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 007A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 007A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 007A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 007A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 007A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 007A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 007A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 007A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[992] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00B91950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00B98B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B918D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B91890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00B919B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00B91910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00B91A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00B91970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00B918F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B91930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00B919D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00B91990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B918B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00B91A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00B94550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00B98A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 00B919F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B91B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B91D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00B91AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B91AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B91D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B91A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B91A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00B91A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00B91D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 00B91CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 00B91D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00B91B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 00B91C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00B91C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 00B91B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [37, 84]
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 00B91BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00B91B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00B91B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 00B91CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 00B91CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 00B91C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00B91BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 00B91C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 00B91C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 00B91BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00B91D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 00B91AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!EndTask 77D89C9D 5 Bytes JMP 00B98700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] user32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 00B91480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 00B91640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!CreateServiceA 77E37359 7 Bytes JMP 00B91000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] advapi32.dll!CreateServiceW 77E374F1 7 Bytes JMP 00B91250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00B98450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00B98590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] shell32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00B91E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] shell32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00B91DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] shell32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00B91DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] shell32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] shell32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] shell32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00B91DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 00B91E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 00B91E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1056] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\svchost.exe[1056] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\svchost.exe[1056] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\svchost.exe[1056] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FE90F5A
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm
Advertisement
Register to Remove

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:51 am

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FBF001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F89001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F95001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F14001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F11001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F23001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F20001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FB6001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5F92001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FA7001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 5F59001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 5F17001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F5F001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F8F001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 5F86001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FCE001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F3B001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FC8001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F5C001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 5FB3001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 5FAA001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 5FAD001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FCB001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F3E001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 5FB0001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 5F32001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FD1001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F8C001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F41001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FA1001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F44001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F53001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1D001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5F9E001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1A001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F47001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!EndTask 77D89C9D 6 Bytes JMP 5F35001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F71001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F83001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F65001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6E001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6B001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F80001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F77001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F7D001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F62001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F74001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F68001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5F9B001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5F98001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F7A001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!CreateServiceA 77E37359 6 Bytes JMP 5F4D001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] ADVAPI32.dll!CreateServiceW 77E374F1 6 Bytes JMP 5F50001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2F001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2C001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F26001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FBC001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FB9001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F29001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FC2001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FC5001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FD4001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FD7001E
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1152] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FDA001E
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 007A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 007A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 007A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 007A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 007A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 007A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 007A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 007A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 007A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 007A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD60F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 007A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA40F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FBA0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 007A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 007A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5FA10F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE50F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 007A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDF0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 007A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [F8, 83]
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 007A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 007A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 007A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE20F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 007A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 007A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 007A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 007A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 007A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE80F5A
.text C:\WINDOWS\System32\svchost.exe[1176] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9E0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F810F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F930F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7E0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F7B0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F900F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F870F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8D0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F840F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAE0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 007A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 007A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FAB0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F8A0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 007A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 007A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB40F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B8, 5F]
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FB10F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 007A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1176] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\System32\svchost.exe[1176] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 007A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 007A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 007A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 007A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 007A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\System32\svchost.exe[1176] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\System32\svchost.exe[1176] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 007A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 007A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD90F5A
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 007A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1176] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDC0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] WS2_32.dll!socket 71AB3B91 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\svchost.exe[1176] WS2_32.dll!socket + 5 71AB3B96 1 Byte [5F]
.text C:\WINDOWS\System32\svchost.exe[1176] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEE0F5A
.text C:\WINDOWS\System32\svchost.exe[1176] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FF10F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\svchost.exe[1252] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\svchost.exe[1252] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\svchost.exe[1252] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\svchost.exe[1252] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\svchost.exe[1252] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FE90F5A
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:52 am

.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00711950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00718B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007118D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00711890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007119B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00711910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00711A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00711970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 007118F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00711930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 007119D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00711990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007118B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00711A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00714550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00718A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 007119F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00711B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00711D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00711AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00711AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00711D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00711A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00711A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5F9E0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB40F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00711A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00711D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 00711CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 00711D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F690F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9B0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00711B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FDF0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F410F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 00711C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00711C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FD90F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 00711B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [EF, 83]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F660F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 00711BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00711B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00711B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 00711CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 00711CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FDC0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 00711C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00711BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 00711C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F440F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 00711C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 00711BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00711D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 00711AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE20F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F980F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7B0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F8D0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F6F0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8A0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F810F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F870F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F6C0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F7E0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F720F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FA80F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 00711480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 00711640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA50F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F840F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 00711000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 00711250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F470F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FAE0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4A0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B2, 5F] {MOV DL, 0x5f}
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAB0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 00718700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [60, 5F] {PUSHA ; POP EDI}
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 00711E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 00711E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FD60F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00718450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00718590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE50F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE80F5A
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WS2_32.dll!listen 71AB88D3 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] WS2_32.dll!listen + 5 71AB88D8 1 Byte [5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 007A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 007A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 007A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 007A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 007A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 007A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 007A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 007A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 007A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 007A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 007A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 007A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 007A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 007A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 007A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 007A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 007A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 007A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 007A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 007A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [F8, 83]
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 007A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 007A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 007A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 007A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 007A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 007A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 007A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 007A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 007A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 007A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 007A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 007A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 007A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 007A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 007A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 007A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 007A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 007A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 007A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 007A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 007A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 007A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\svchost.exe[1380] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 007A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 007A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 007A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1380] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1420] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00391950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00398B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003918D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00391890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003919B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00391910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00391A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00391970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003918F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00391930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003919D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00391990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003918B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00391A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00394550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00398A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003919F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00391B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00391D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00391AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00391AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00391D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00391A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00391A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00391A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00391D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 00391CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 00391D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00391B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 00391C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00391C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 00391B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B7, 83] {MOV BH, 0x83}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 00391BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00391B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00391B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 00391CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 00391CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 00391C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00391BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 00391C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 00391C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 00391BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00391D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 00391AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 00391480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 00391640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 00391000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 00391250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 00398700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 00391E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 00391DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 00391DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 00391DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00398450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00398590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 00391E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 00391E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:53 am

.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003C1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003C8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003C1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003C19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003C1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003C1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003C18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003C1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003C19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003C1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003C18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003C1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003C4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003C8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003C19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003C1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003C1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003C1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003C1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003C1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003C1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003C1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003C1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003C1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003C1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003C1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003C1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 003C1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003C1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 003C1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [BA, 83]
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 003C1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003C1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003C1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 003C1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 003C1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 003C1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003C1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 003C1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 003C1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 003C1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 003C1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 003C1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 003C1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 003C1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 003C1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 003C1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 003C8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 003C1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 003C1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 003C8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 003C8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 003C1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1508] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 003C1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003B1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003B8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003B1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003B19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003B1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003B1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003B18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003B1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003B19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003B1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003B18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003B1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003B4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003B8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003B19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003B1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003B1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003B1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003B1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003B1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003B1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003B1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003B1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003B1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003B1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003B1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003B1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE30F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 003B1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003B1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDD0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 003B1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B9, 83]
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 003B1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003B1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003B1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 003B1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 003B1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE00F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 003B1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003B1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 003B1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 003B1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 003B1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 003B1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 003B1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE60F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 003B1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 003B1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 003B1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 003B1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 003B8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 003B1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 003B1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 003B1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 003B1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 003B8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 003B8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 003B1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD70F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 003B1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDA0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE90F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FEC0F5A
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FEF0F5A
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 003A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 003A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B8, 83]
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 003A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 003A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 003A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 003A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 003A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 003A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 003A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 003A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 003A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 003A1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 003A1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 003A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 003A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 003A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 003A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 003A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 003A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 003A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 003A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2584] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 003A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2636] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FE90F5A
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:54 am

.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 003A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 003A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B8, 83]
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 003A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 003A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 003A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 003A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 003A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 003A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 003A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 003A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 003A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 003A1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 003A1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 003A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 003A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 003A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 003A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 003A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 003A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 003A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 003A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2664] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 003A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 006A1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006A18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006A1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006A19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 006A1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 006A1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006A1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 006A18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006A1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 006A19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 006A1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006A18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 006A1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 006A4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 006A8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 006A19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD50F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006A1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 006A1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 006A1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 006A1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 006A1D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006A1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 006A1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCC0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA30F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB90F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 006A1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 006A1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 006A1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 006A1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 006A1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FE40F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 006A1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 006A1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FDE0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 006A1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!OpenFile + 3 7C821995 2 Bytes CALL 975A821D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 006A1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 006A1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 006A1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 006A1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 006A1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FE10F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 006A1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 006A1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 006A1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 006A1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 006A1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 006A1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 006A1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE70F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F800F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F920F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F860F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F830F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAD0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 006A1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 006A1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FAA0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F890F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 006A1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 006A1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB30F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B7, 5F] {MOV BH, 0x5f}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FB00F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 006A8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 006A8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 006A8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 006A1E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FEA0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FED0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 006A1E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FF00F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 006A1E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 006A1DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 006A1DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD20F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCF0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 006A1DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 006A1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WININET.dll!InternetOpenUrlA 771C5A11 6 Bytes JMP 5FD80F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 006A1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] WININET.dll!InternetOpenUrlW 771D5B5A 6 Bytes JMP 5FDB0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [43, 5F] {INC EBX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!TlsGetValue 7C809750 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 5FDD0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 5FE00F5A
.text C:\WINDOWS\system32\svchost.exe[3308] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegSetValueExW 77DDD747 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegQueryValueW 77DDD85A 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegCreateKeyExA 77DDE9D4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegSetValueExA 77DDEAC7 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegOpenKeyA 77DDEFA8 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!OpenSCManagerW 77DE6F3D 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!OpenSCManagerA 77DF6996 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!RegQueryValueA 77DFBB75 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!LsaRemoveAccountRights 77E1AB91 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!GetKeyState 77D4C379 6 Bytes JMP 5F4B0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!GetWindowTextW 77D4C9FD 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!GetAsyncKeyState 77D4D051 6 Bytes JMP 5F4E0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!ShowWindow 77D4D4DE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!ShowWindow + 4 77D4D4E2 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!SetWinEventHook 77D6E3D3 6 Bytes JMP 5F600F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!SetWindowsHookExW 77D6E621 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!GetWindowTextA 77D6F82E 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!SetWindowsHookExA 77D702B2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!DdeConnect 77D87DBC 6 Bytes JMP 5F510F5A
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!RegisterRawInputDevices 77D9C9AA 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3308] USER32.dll!RegisterRawInputDevices + 4 77D9C9AE 2 Bytes [64, 5F]
.text C:\WINDOWS\system32\svchost.exe[3308] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] SHELL32.dll!ShellExecuteExW 7CA0D5FE 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] SHELL32.dll!ShellExecuteEx 7CA0FB1C 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] SHELL32.dll!ShellExecuteA 7CA0FE44 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\svchost.exe[3308] SHELL32.dll!Shell_NotifyIcon 7CA389E7 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\svchost.exe[3308] SHELL32.dll!ShellExecuteW 7CAB2988 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[3308] WS2_32.dll!socket 71AB3B91 6 Bytes JMP 5FE30F5A
.text C:\WINDOWS\system32\svchost.exe[3308] WS2_32.dll!bind 71AB3E00 6 Bytes JMP 5FE60F5A
.text C:\WINDOWS\system32\svchost.exe[3308] WS2_32.dll!listen 71AB88D3 6 Bytes JMP 5FE90F5A
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003C1950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003C8B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003C18D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003C1890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003C19B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003C1910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003C1A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003C1970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003C18F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003C1930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003C19D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003C1990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003C18B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003C1A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 003C4550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003C8A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ntdll.dll!LdrGetProcedureAddress 7C9177B8 5 Bytes JMP 003C19F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003C1B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003C1D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003C1AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003C1AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C15AF0 C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003C1A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003C1A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003C1A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003C1D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003C1CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003C1D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003C1B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 003C1C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003C1C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 003C1B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [BA, 83]
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 003C1BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003C1B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003C1B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 003C1CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 003C1CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 003C1C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003C1BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 003C1C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 003C1C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 003C1BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 003C1D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 003C1AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ADVAPI32.dll!OpenServiceW 77DE6FE5 7 Bytes JMP 003C1480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ADVAPI32.dll!OpenServiceA 77DF4C56 7 Bytes JMP 003C1640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ADVAPI32.dll!CreateServiceA 77E37359 7 Bytes JMP 003C1000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ADVAPI32.dll!CreateServiceW 77E374F1 7 Bytes JMP 003C1250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 003C8700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] WININET.dll!InternetConnectA 771C30B3 5 Bytes JMP 003C1E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] WININET.dll!InternetConnectW 771CEDE8 5 Bytes JMP 003C1E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 003C8450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Marvin Kosh.OMNILOTH\Desktop\Temp Folder\gmer.exe[3320] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 003C8590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:55 am

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F744F042] spxw.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F744F13E] spxw.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F744F0C0] spxw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F744F800] spxw.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F744F6D6] spxw.sys
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!KfAcquireSpinLock] BA86880C
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!READ_PORT_UCHAR] 8B00001C
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!KeGetCurrentIrql] 24A48DFA
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!KfRaiseIrql] 00000000
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!KfLowerIrql] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!HalGetInterruptVector] 8D3F0304
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!HalTranslateBusAddress] CB033043
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!KeStallExecutionProcessor] 0673C13B
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!KfReleaseSpinLock] C13B0003
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8366FA72
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!READ_PORT_USHORT] 75000E7B
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[HAL.dll!WRITE_PORT_UCHAR] 307B8D00
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[WMILIB.SYS!WmiSystemControl] 83660000
IAT \SystemRoot\System32\Drivers\a41g7icm.SYS[WMILIB.SYS!WmiCompleteRequest] 6A000E7A
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\agb7axbl.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F745EE9C] spxw.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F72B26E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F72B27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F72B2780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F72B2740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F72B2740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F72B27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F72B26E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F72B2780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F72B2780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F72B2740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F72B27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F72B26E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F72B2740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F72B26E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F72B27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F72B2780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F72B26E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F72B27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F72B2740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F72B2780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F72B2740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F72B27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F72B26E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F72B26E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F72B27B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F72B2780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F72B2740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [USER32.dll!EndTask] 5F3F0000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\Explorer.EXE [SHELL32.dll!ShellExecuteExW] 5F370000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\spoolsv.exe[224] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA20000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA20000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F510000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F550000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC40000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FB80000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wdfmgr.exe[592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA20000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA20000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC40000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FB80000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F510000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F550000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\WTClient.exe[636] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Winamp\winampa.exe[640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\rundll32.exe[684] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[752] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:55 am

IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00700002
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00700000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA70000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA70000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC90000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBD0000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBD0000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[832] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe[1024] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1056] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F9B0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC20000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA80000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC20000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC20000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA80000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F9B0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC20000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FCA0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F9B0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBE0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC20000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC20000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBE0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F9B0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F9B0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5FA80000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F970000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F9B0000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1176] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1252] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:56 am

IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA20000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA20000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FB80000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F950000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FB80000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FBC0000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC40000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F910000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F510000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F550000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\Drivers\WTSRV.EXE[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1380] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1436] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\Program Files\DAEMON Tools Lite\daemon.exe[1696] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [66044876] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6604481F] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6604481F] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [66044876] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6604481F] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [66044876] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6604481F] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [66044876] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [66044819] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [6604493C] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [660448F3] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6604481F] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [66044876] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [66044819] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [66044819] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [66044876] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6604481F] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [660448F3] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [6604493C] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [66044876] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [66044819] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6604481F] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2636] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 9:57 am

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA70000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA70000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC90000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBD0000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC10000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CopyFileA] 5FBD0000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F9A0000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F960000
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2928] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CopyFileExW] 5FC80000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileA] 5FBC0000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CopyFileW] 5FC00000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5FA60000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtLoadDriver] 5F550000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 5F590000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F950000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F990000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[3308] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 877D81F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 8755B1F8
Device \Driver\sptd \Device\3317493616 spxw.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8776D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8776D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8776D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8776D1F8
Device \Driver\usbohci \Device\USBPDO-1 8755B1F8
Device \Driver\usbehci \Device\USBPDO-2 875121F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 877DA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 877DA1F8
Device \Driver\PCI_PNP2752 \Device\00000059 spxw.sys
Device \Driver\atapi \Device\Ide\IdePort0 877D91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 877D91F8
Device \Driver\atapi \Device\Ide\IdePort1 877D91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 877D91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 877D91F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 877D91F8
Device \Driver\Cdrom \Device\CdRom1 873C2500
Device \Driver\sptd \Device\3317393472 spxw.sys
Device \Driver\Cdrom \Device\CdRom2 873C2500
Device \Driver\Ftdisk \Device\HarddiskVolume4 877DA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 877DA1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8683D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8683D1F8
Device \Driver\PCI_PNP2752 \Device\0000005a spxw.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBFDO-0 8755B1F8
Device \Driver\usbohci \Device\USBFDO-1 8755B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86890500
Device \Driver\usbehci \Device\USBFDO-2 875121F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86890500
Device \Driver\Ftdisk \Device\FtControl 877DA1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{91C6ACF2-0356-42BD-A7AD-E8D7F88C5278} 8683D1F8
Device \Driver\a41g7icm \Device\Scsi\a41g7icm1 8730B500
Device \Driver\agb7axbl \Device\Scsi\agb7axbl1 87400500
Device \Driver\agb7axbl \Device\Scsi\agb7axbl1Port3Path0Target0Lun0 87400500
Device \FileSystem\Cdfs \Cdfs 8736A500
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [196] 0x02100000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [196] 0x033C0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0xEE 0x85 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x6C 0xC8 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0x22 0xF5 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0xFC 0x94 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xEC 0x06 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x43 0x55 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x1D 0xBB 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0xB6 0x56 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x30 0xB3 0x84 0xD3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x68 0xEE 0x85 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x6C 0xC8 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2E 0x22 0xF5 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE4 0xFC 0x94 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xEC 0x06 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x43 0x55 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x1D 0xBB 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0xB6 0x56 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x30 0xB3 0x84 0xD3 ...

---- EOF - GMER 1.0.15 ----
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 20th, 2009, 10:00 am

Log posting done.
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby sinclaire » August 22nd, 2009, 5:19 pm

I noticed that earlier I missed out the info.txt on the RSIT scan. Sorry about that. I've re-run the scan and have appended the results from both files in case you need it:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marvin Kosh at 2009-08-22 22:16:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (28%) free of 30 GB
Total RAM: 1023 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:46, on 22/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Applications\Mozilla Firefox\firefox.exe
J:\My Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Marvin Kosh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Arucer] rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://a248.e.akamai.net
O15 - Trusted Zone: http://*.bitedefender.co.uk
O15 - Trusted Zone: http://ssl-hints.netflame.cc
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 0555413093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0555332988
O20 - AppInit_DLLs: wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 6876 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\Check e-mail.job
C:\WINDOWS\tasks\DefragC.job
C:\WINDOWS\tasks\DefragD.job
C:\WINDOWS\tasks\DefragE.job
C:\WINDOWS\tasks\DefragH.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}]
CoTGT_BHO Class - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-18 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanSoft OmniPage SE 4.0-reminder"=C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe -r C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-08-13 1793808]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"WTClient"=C:\WINDOWS\system32\WTClient.exe [2007-04-11 40960]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-06-19 259344]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"Arucer"=rundll32 C:\WINDOWS\system32\Arucer.dll,Arucer []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-16 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"=C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [2007-05-22 521128]
"WindowBlinds"=C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBInstall32.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-02 203416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-23 1948440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boinc]
C:\Program Files\BOINC\boincmgr.exe [2007-07-04 3846912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CtxfiReg]
CTXFIREG.exe /FAIL1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Email Notifier]
D:\Applications\NT Email Notifier\NTEmailNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartException]
C:\Program Files\Stardock\SmartException\SmartEx.exe [2006-11-14 87728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-18 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^BOINC Manager.lnk]
C:\PROGRA~1\BOINC\boincmgr.exe [2007-07-04 3846912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^ImpulseNow.lnk]
C:\PROGRA~1\Stardock\Impulse\Now\IMPULS~1.EXE [2009-08-19 464176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Marvin Kosh.OMNILOTH^Start Menu^Programs^Startup^UltraMon.lnk]
C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Microsoft\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3
"JavaQuickStarterService"=2
"Ati HotKey Poller"=2
"SQLWriter"=3
"MSSQL$SQLEXPRESS"=3
"avg8wd"=2
"avg8emc"=2
"wuauserv"=2
"WebClient"=2
"VSS"=3
"UPS"=3
"TrkWks"=2
"TermService"=3
"StyleXPService"=3
"SharedAccess"=2
"SCardSvr"=3
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"mnmsrvc"=3
"LmHosts"=2
"lanmanserver"=2
"FastUserSwitchingCompatibility"=3
"Browser"=3
"BITS"=2
"aspnet_state"=3
"Alerter"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll ,C:\DOCUME~1\MARVIN~1.OMN\LOCALS~1\Temp\35138mja.dll C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"H:\Games\Neverwinter Nights 2\nwn2main.exe"="H:\Games\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe"="H:\Games\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"H:\Games\Neverwinter Nights 2\nwupdate.exe"="H:\Games\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"H:\Games\Neverwinter Nights 2\nwn2server.exe"="H:\Games\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="H:\Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"H:\Games\Battle for Middle-earth II\game.dat"="H:\Games\Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"J:\Games\NWN 2\nwn2main.exe"="J:\Games\NWN 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"J:\Games\NWN 2\nwn2main_amdxp.exe"="J:\Games\NWN 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"J:\Games\NWN 2\nwupdate.exe"="J:\Games\NWN 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"J:\Games\NWN 2\nwn2server.exe"="J:\Games\NWN 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"D:\Applications\Ventrilo\Ventrilo.exe"="D:\Applications\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954fe-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559954ff-a061-11dc-8e02-00000000a666}]
shell\AutoRun\command - J:\Autorun.exe


======List of files/folders created in the last 1 months======

2009-08-19 22:47:17 ----SHD---- C:\Config.Msi
2009-08-19 06:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-19 06:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 06:20:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 06:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 06:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 06:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 06:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-19 06:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-19 06:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-19 06:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 06:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 05:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-19 05:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-19 05:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-19 05:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-19 05:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-19 05:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-19 05:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957579$
2009-08-19 05:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-19 05:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-19 05:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-19 05:26:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-19 05:26:09 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-08-19 05:22:27 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-08-19 05:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-19 05:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-08-19 05:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-08-19 05:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-19 05:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB959252-v2$
2009-08-19 05:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-08-19 05:07:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-19 05:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-08-19 05:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-08-19 04:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-08-19 04:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-08-19 04:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-08-19 04:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-08-19 04:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-08-19 04:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-08-19 04:35:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-08-19 04:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-08-19 04:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-08-19 04:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-08-19 04:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-08-19 04:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-08-19 04:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-08-18 01:32:24 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-18 01:32:23 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-18 01:32:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-18 01:32:12 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-17 22:26:12 ----D---- C:\rsit
2009-08-16 10:55:38 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-15 18:08:02 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Malwarebytes
2009-08-15 18:07:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-15 18:06:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 17:05:55 ----D---- C:\WINDOWS\BDOSCAN8
2009-08-14 12:13:43 ----D---- C:\Program Files\Lavasoft
2009-08-14 12:13:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-08-13 16:44:22 ----D---- C:\Program Files\Process Monitor
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-08-13 11:48:32 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-13 11:48:22 ----D---- C:\Program Files\Alwil Software
2009-08-13 09:12:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo
2009-08-13 09:12:16 ----A---- C:\WINDOWS\system32\guard32.dll
2009-08-13 03:01:35 ----A---- C:\WINDOWS\cfplogvw.INI
2009-08-13 02:43:24 ----D---- C:\Program Files\ThreatFire
2009-08-13 02:32:56 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-08-13 02:32:42 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2009-08-13 02:00:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-12 23:02:23 ----D---- C:\Program Files\Trend Micro
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Toolbar

======List of files/folders modified in the last 1 months======

2009-08-22 22:16:32 ----D---- C:\WINDOWS\Temp
2009-08-22 22:13:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-22 16:48:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-22 16:48:41 ----D---- C:\Program Files\BOINC
2009-08-22 16:23:43 ----SH---- C:\boot.ini
2009-08-22 16:23:43 ----A---- C:\WINDOWS\win.ini
2009-08-22 16:23:43 ----A---- C:\WINDOWS\system.ini
2009-08-22 00:36:10 ----A---- C:\moduleName.txt
2009-08-20 02:35:15 ----D---- C:\WINDOWS\system32\drivers
2009-08-20 01:01:35 ----D---- C:\Program Files\Common Files\Stardock
2009-08-19 22:54:59 ----RSD---- C:\WINDOWS\assembly
2009-08-19 22:47:19 ----SHD---- C:\WINDOWS\Installer
2009-08-19 22:40:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-19 22:40:11 ----D---- C:\WINDOWS\system32
2009-08-19 22:38:29 ----D---- C:\Program Files\GIMP-2.2
2009-08-19 22:38:25 ----D---- C:\WINDOWS\Prefetch
2009-08-19 22:38:11 ----D---- C:\Program Files\Common Files
2009-08-19 22:13:33 ----A---- C:\WINDOWS\LogonStudio.ini
2009-08-19 06:46:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-19 06:42:11 ----D---- C:\WINDOWS
2009-08-19 06:21:11 ----HD---- C:\WINDOWS\inf
2009-08-19 06:21:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 06:20:47 ----A---- C:\WINDOWS\imsins.BAK
2009-08-19 06:19:56 ----D---- C:\Program Files\Outlook Express
2009-08-19 06:14:59 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-19 06:09:05 ----D---- C:\WINDOWS\system32\Setup
2009-08-19 05:59:35 ----D---- C:\Program Files\Internet Explorer
2009-08-19 05:27:26 ----D---- C:\WINDOWS\AppPatch
2009-08-19 05:23:37 ----D---- C:\WINDOWS\system32\wbem
2009-08-19 04:54:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-19 04:21:59 ----D---- C:\Program Files\Messenger
2009-08-18 01:35:06 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-18 01:32:27 ----D---- C:\WINDOWS\Help
2009-08-18 01:30:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-17 14:57:13 ----SHD---- C:\System Volume Information
2009-08-16 23:16:15 ----RD---- C:\Program Files
2009-08-16 11:09:29 ----A---- C:\WINDOWS\WININIT.INI
2009-08-16 10:59:07 ----SD---- C:\WINDOWS\Tasks
2009-08-14 15:34:22 ----D---- C:\WINDOWS\security
2009-08-14 12:18:44 ----SHD---- C:\WINDOWS\CSC
2009-08-14 12:17:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-14 12:15:34 ----HD---- C:\$AVG8.VAULT$
2009-08-13 22:11:05 ----D---- C:\Documents and Settings
2009-08-13 16:26:32 ----D---- C:\WINDOWS\system32\config
2009-08-13 09:12:09 ----D---- C:\Program Files\COMODO
2009-08-13 02:00:48 ----D---- C:\WINDOWS\Debug
2009-08-13 00:19:27 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\Comodo
2009-08-12 22:19:20 ----D---- C:\Documents and Settings\Marvin Kosh.OMNILOTH\Application Data\DAEMON Tools Lite
2009-08-12 09:31:37 ----D---- C:\Program Files\DAEMON Tools Lite
2009-08-09 08:08:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-05 10:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 07:04:41 ----D---- C:\Program Files\Winamp
2009-07-29 10:23:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 05:53:14 ----A---- C:\WINDOWS\system32\fontsub.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-23 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-08-13 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-08-13 25160]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 XBCD;XBCD Kernel Module; C:\WINDOWS\System32\Drivers\xbcd.sys [2005-05-13 19212]
S3 ag6jkx8h;ag6jkx8h; C:\WINDOWS\system32\drivers\ag6jkx8h.sys []
S3 ary3078o;ary3078o; C:\WINDOWS\system32\drivers\ary3078o.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys []
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2007-04-23 18432]
S3 UCharger;Usb Charger Driver; C:\WINDOWS\System32\Drivers\UCharger.sys [2007-05-15 13765]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2007-05-31 12800]
S3 UKS11LDR;M-Audio USB Keystation Loader; C:\WINDOWS\system32\drivers\uks11ldr.sys [2008-09-20 13504]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBKT1X1;M-Audio USB Keystation; C:\WINDOWS\system32\drivers\usbkt1x1.sys [2008-09-20 22304]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-08-13 707152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-16 1029456]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-06-19 70928]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2007-05-31 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
S4 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
S4 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-23 298776]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18 152984]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Applications\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S4 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-22 22:16:50

======Uninstall list======

-->"D:\APPLICATIONS\ViaVoice\Bin\vunUK.exe" ProdRunDictate Dc En_UK 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\RtDict_UK.isu
-->"D:\APPLICATIONS\ViaVoice\Bin\vunUK.exe" ProdRunDictate Dc En_UK 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\RtDict_UK.isu
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fD:\APPLICATIONS\ViaVoice\tts\vvol50En_UK.isu -c"D:\APPLICATIONS\ViaVoice\tts\\vo50u_UK.dll"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Product/Adobe Studio Update 10/2001-->"C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Anvil Studio-->C:\WINDOWS\system32\AsUninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BOINC-->MsiExec.exe /I{14DD76C8-F13A-4565-B607-5516E8A9ABFE}
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CEP (Color Enable Package) v.9.0 (beta)-->"D:\Games\zCEP_Uninstaller\unins000.exe"
Colossus Addon Mod 1.0-->E:\Marvin's Documents\SimCity 4\Plugins\a_CAM\uninst.exe
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dan Elwell's Broadband Speed Test-->"C:\Program Files\Dan Elwell's Broadband Speed Test\unins000.exe"
D-Fend Reloaded 0.7.0 (deinstall)-->"C:\Program Files\D-Fend Reloaded\Uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Energizer UsbCharger v1.0.0-->"C:\Program Files\Energizer UsbCharger\unins000.exe"
FaxTools eXPert-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}\setup.exe" -l0x9
Fences (Free)-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall fences
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB959252-v2)-->"C:\WINDOWS\$NtUninstallKB959252-v2$\spuninst\spuninst.exe"
IBM ViaVoice Standard 10.0 - UK English-->"D:\APPLICATIONS\ViaVoice\Bin\uninst_UK.exe" DeleteProdVVFW100Basic_UK
Impulse-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{7EDBFAEE-C619-4CE4-BE01-EDEA39CA0347}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7EDBFAEE-C619-4CE4-BE01-EDEA39CA0347}\Impulse_setup.exe
InfoManager-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\InfoManager\ST6UNST.LOG"
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Lola-->MsiExec.exe /I{282E68BD-3D37-443A-A891-299CF4ED6F0C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU-->D:\Applications\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 6.0 Enterprise Edition-->"C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft VM for Java-->RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Miles Sound Tools-->C:\PROGRA~1\MILESS~1\UNWISE.EXE C:\PROGRA~1\MILESS~1\INSTALL.LOG
Miranda IM 0.7.17-->C:\Program Files\Miranda IM\Uninstall.exe
MoRUN.net Sticker-->MsiExec.exe /X{620797B0-A022-4B57-A95E-CD7DD0325010}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.5.2)-->D:\Applications\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->D:\Applications\Thunderbird\uninstall\helper.exe
MP3toBMU 0.35-->C:\Program Files\MP3toBMU\uninst.exe
MSDN Library for Visual Studio 2005-->msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005-->MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
MyColors Diamond Desktop-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall diamond
Network Addon Mod Version April 2008-->E:\Marvin's Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\NVUninst.exe UninstallGUI
NVIDIA nForce Drivers-->C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RAD Video Tools-->"D:\Applications\RADVideo\uninstall.exe"
Ray Adams ATI Tray Tools-->"C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957579)-->"C:\WINDOWS\$NtUninstallKB957579$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SimCity 4 Deluxe-->H:\Games\SimCity 4 Deluxe\EAUninstall.exe
SimPE 0.72 (alpha)-->"C:\Program Files\SimPE\unins001.exe"
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
Sony Sound Forge 7.0-->MsiExec.exe /I{6B629F70-BE1D-456E-AA97-73619020E7A1}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Starfleet Command III Patcher-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Taldren\Starfleet Command III Patcher\Patcher.isu"
Starfleet Command Orion Pirates-->C:\WINDOWS\IsUninst.exe -f"D:\Games\Starfleet Command Orion Pirates\Uninst.isu"
StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SwapMouseButtons version 2.3-->"C:\Program Files\SwapMouseButtons\unins000.exe"
The Battle for Middle-earth (tm) II-->H:\Games\Battle for Middle-earth II\EAUninstall.exe
The Lord of the Rings Online™: Shadows of Angmar™ v01.05.00.811-->"D:\Games\Lord of the Rings Online\unins000.exe"
The Lord of the Rings, The Rise of the Witch-king-->H:\Games\The Lord of the Rings, The Rise of the Witch King\EAUninstall.exe
The Sims 2 Nightlife-->D:\Games\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->D:\Games\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->D:\Games\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->D:\Games\The Sims 2 University\EAUninstall.exe
The Sims 2-->D:\Games\The Sims 2\EAUninstall.exe
The Sims™ 2 Apartment Life-->D:\Games\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Bon Voyage-->D:\Games\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 FreeTime-->D:\Games\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 Seasons-->D:\Games\The Sims 2 Seasons\EAUninstall.exe
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Turnpike Six-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{312B0A22-CF24-11D3-AB8B-00C04FCF5090}\Setup.exe" -l0x9 TurnpikeAddRemove
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Keyboard Device 1.0.1.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\M-Audio USB Keyboard Device\irunin.ini"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp Essentials Pack-->C:\Program Files\Winamp\UninstallWinampEssentials.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->D:\Applications\WordWeb\uninst.exe
XBCD 1.07-->C:\Program Files\XBCD\uninst.exe
Zip Motion Block Video codec (Remove Only)-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\ZMBV.INF

=====HijackThis Backups=====

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll [2009-08-12]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-08-12]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2009-08-12]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-08-15]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free (disabled)
AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: avast! antivirus 4.8.1335 [VPS 090822-0]
FW: COMODO Firewall

======System event log======

Computer Name: OMNILOTH
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 12380
Source Name: Tcpip
Time Written: 20090519140625.000000+060
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 7034
Message: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Record Number: 12374
Source Name: Service Control Manager
Time Written: 20090519135611.000000+060
Event Type: error
User:

Computer Name: OMNILOTH
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00000000A666. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 12350
Source Name: Dhcp
Time Written: 20090519090428.000000+060
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 12349
Source Name: W32Time
Time Written: 20090518201152.000000+060
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 7034
Message: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Record Number: 12340
Source Name: Service Control Manager
Time Written: 20090518064300.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: OMNILOTH
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.NetEnterpriseServers.ExceptionMessageBox, Version=9.0.242.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91


Record Number: 1114
Source Name: .NET Runtime Optimization Service
Time Written: 20080201140146.000000+000
Event Type:
User:

Computer Name: OMNILOTH
Event Code: 40
Message: WMI ADAP was unable to create the object Win32_PerfFormattedData_MSSQLSQLEXPRESS_MSSQLSQLEXPRESSBufferManager for Performance Library MSSQL$SQLEXPRESS because error 0x80041002 was returned

Record Number: 1112
Source Name: WinMgmt
Time Written: 20080201140013.000000+000
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 40
Message: WMI ADAP was unable to create the object Win32_PerfFormattedData_MSSQLSQLEXPRESS_MSSQLSQLEXPRESSBufferManager for Performance Library MSSQL$SQLEXPRESS because error 0x80041002 was returned

Record Number: 1111
Source Name: WinMgmt
Time Written: 20080201140013.000000+000
Event Type: warning
User:

Computer Name: OMNILOTH
Event Code: 5603
Message: A provider, SQLServerEventProvider, has been registered in the WMI namespace, root\Microsoft\SqlServer\ServerEvents\SQLEXPRESS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 803
Source Name: WinMgmt
Time Written: 20080201135714.000000+000
Event Type: warning
User: OMNILOTH\Marvin Kosh

Computer Name: OMNILOTH
Event Code: 5603
Message: A provider, SQLServerEventProvider, has been registered in the WMI namespace, root\Microsoft\SqlServer\ServerEvents\SQLEXPRESS, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 802
Source Name: WinMgmt
Time Written: 20080201135714.000000+000
Event Type: warning
User: OMNILOTH\Marvin Kosh

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0a00
"PYTHON"=C:\Program Files\Python26\python.exe
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS80COMNTOOLS"=D:\Applications\Microsoft Visual Studio 8\Common7\Tools\
"windir"=%SystemRoot%

-----------------EOF-----------------
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby tan_pang » August 23rd, 2009, 8:40 am

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by Rootkit
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a Rootkit, one of the worst kind.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: I have a keylogger

Unread postby sinclaire » August 23rd, 2009, 9:27 am

Okay then. A format and re-install was going to be my original treatment. With luck, I'll be up and running again by this time tomorrow.

So I'm going to backup my data and get myself a list of download locations I'm going to need to visit. And do another round of password changes. And call my credit card company.

I appreciate the benefit of your experience and unbiased opinion, and thank you for all that you've done.
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm

Re: I have a keylogger

Unread postby tan_pang » August 24th, 2009, 6:49 am

sinclaire wrote:So I'm going to backup my data and get myself a list of download locations I'm going to need to visit. And do another round of password changes. And call my credit card company.

Hi, base on the GMER log, I suspect that not only rootkit is installed, but perhaps with computer virus as well.
One of the example is Virut.

Based on the McAfee
W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.

It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either: Immediately before the encrypted code at the end of the last section At the end of the code section of the infected host in 'slack-space' (assuming there is any) At the original entry point of the host (overwriting the original host code)


Therefore, for safety purpose, I would strongly suggest you backup all of your valuable and personal data... (ie. documents, pictures, movies, songs, etc...)
But do NOT backup any applications or installers. Do NOT backup any .exe, .scr, .htm, .html, .xml, .zip, .rar files... as these files may be infected as well.
If you back them up...then replace or reinstall them, you will re-infect your system again.
tan_pang
Regular Member
 
Posts: 959
Joined: August 12th, 2007, 8:04 am

Re: I have a keylogger

Unread postby sinclaire » August 24th, 2009, 11:02 am

I didn't back up any apps or installers, but there's a fair number of HTML files and other stuff on the list which did make it into the backup.

More to the point, all the important stuff was dumped into 7ZIP archives and burned onto CD-Rs.

Is there any way to determine their status before unpacking?
sinclaire
Regular Member
 
Posts: 26
Joined: August 12th, 2009, 6:14 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware