ksnapshot.etl,possible remote access software and keyloggers

Post by SpectreWolf » November 11th, 2010, 2:49 am

Greetings,

Today, Comodo Internet Security has alerted me that "System" was about to create or modify a file called ksnapshot.etl at this location: C:\Windows\system32\wdi\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{b821fc1c-d91b-406b-89e6-cc8d8a2bae22}\ksnapshot.etl and I blocked it using Comodo's Defence +. I did a quick search on Wikipedia and it tells me that Ksnapshot is a program to take screenshots of the computer's screen. I am sure I did not install "Ksnapshot" or any type of software similar to this. I did a full system scan using MalwareBytes but it did not find any malicious programs. I am also worried that there might be some remote access programs or keyloggers installed on my computer, commercial or otherwise, as there is some very sensitive information on this computer. Can someone on this forum tell me if there are any of those programs installed on my computer?

I have posted a HijackThis log and an uninstall list below. The version of HijackThis I am currently using is v2.0.4 and I got it from filehippo.com

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:46:30 PM, on 11/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\PROGRA~1\Jetico\BCWipe\BCResident.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [PCMAgent] "c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "c:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: BCWipe service (BCWipeSvc) - Jetico, Inc. - C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7489 bytes

UNINSTALL LIST

A.V.A
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield: Bad Company™ 2
BCWipe 4.0
Borderlands
Call of Duty(R) 4 - Modern Warfare(TM)
CCleaner
Command & Conquer The First Decade
COMODO Internet Security
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink DVD Suite Deluxe
CyberLink PowerCinema
CyberLink PowerCinema
D3DX10
Defraggler
DEVIL MAY CRY 4
EAX4 Unified Redist
Enhanced Multimedia Keyboard Solution
Far Cry 2
GunboundS2
Hardware Diagnostic Tools
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
ijji - Gunz
LabelPrint
LabelPrint
LightScribe System Software 1.14.32.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
muvee Reveal
My HP Games
NVIDIA 3D Vision Driver 260.99
NVIDIA Drivers
NVIDIA Graphics Driver 260.99
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Power2Go
Power2Go
PowerDirector
PowerDirector
PunkBuster Services
PVSonyDll
Python 2.6 pywin32-212
Python 2.6.1
REACTOR
Realtek High Definition Audio Driver
Recuva
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Speccy
SpeedFan (remove only)
Steam
SUPERAntiSpyware
Team Fortress 2
Tom Clancy's Rainbow Six Vegas 2
Tom Clancy's Splinter Cell Conviction
Tom Clancy's Splinter Cell Double Agent
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack

Also, my computer is running fine. Thanks in advance
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: ksnapshot.etl,possible remote access software and keylog

Post by askey127 » November 14th, 2010, 8:30 am

Hi SpectreWolf,
If you have personal sensitive information on this machine, you should NOT have Punkbuster installed.
They maintain the right to spy on all your activities.
I would suggest you get rid of it immediately. Then, if you wish, we can analyze your machine for remaining infections.

This is my stock response to users about Punkbuster:
There are some Issues with infections in relation to PunkBuster:
Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this could result in not being able to play the associated games, or corruption of your system.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance you will be able to do Punkbuster games afterwards.

Please let me know how you would like to proceed.
askey127
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ksnapshot.etl,possible remote access software and keylog

Post by SpectreWolf » November 14th, 2010, 9:52 am

Yes, I would like to continue. But how exactly do I completely remove Punkbuster? I also saved the pbsetup.exe to my desktop. Can you please tell me how I get rid of these permanently?
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: ksnapshot.etl,possible remote access software and keylog

Post by askey127 » November 14th, 2010, 4:38 pm

SpectreWolf,
There are a few steps to do here. Just take one step at a time, in sequence.
If you have any major problem, post back and let me know.

You should be able to find "Punkbuster Services" in the programs List.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click this Entry, if it exists, choose Uninstall/Change, and give permission to Continue:

Punkbuster Services

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
Please Be patient. This tool removes hundreds of files and settings. It will let you know when it's done.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with malware infections, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results, false detection of legitimate files, unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
------------------------------------------------------------
Please download the GMER Rootkit Scanner from Here.
  • XP : Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • VISTA/Win7: Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than the System drive (which is typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
    **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
Note: Do not run any other programs while Gmer is running.

askey127
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
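
The HijackThis log posted earlier in this thread lists services marked "(file missing)", including the Norton Internet Security service, which is consistent with the incomplete Norton removal mentioned in the reply above. The following is an added example, not part of askey127's post and not code from HijackThis: a Python script that parses HijackThis lines and lists O23 service entries whose file is missing or whose owner is reported as unknown. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Every HijackThis result line starts with a section code (R0, O4, O23, ...)
# followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# O23 body: "Service: <name> - <owner> - <path>[ (file missing)]".
# The path is anchored on a drive letter or an environment variable so that
# a " - " inside the display name cannot be mistaken for the path separator.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>(?:[A-Za-z]:\\|%).+?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return (section_code, body) tuples for every result line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def section_counts(log_text):
    """Count entries per HijackThis section code."""
    return Counter(code for code, _ in parse_entries(log_text))


def triage_services(log_text):
    """List O23 services that deserve a second look, with the reason.

    "file missing"  : the service is still registered but its binary is gone,
                      typically a leftover from an incomplete uninstall.
    "unknown owner" : the log reports no vendor name for the service binary.
    Neither flag means the entry is malicious; both only mark it for review.
    """
    findings = []
    for code, body in parse_entries(log_text):
        if code != "O23":
            continue
        match = SERVICE_RE.match(body)
        if not match:
            continue  # unexpected layout: leave it for manual reading
        flags = []
        if match.group("missing"):
            flags.append("file missing")
        if match.group("owner").lower() == "unknown owner":
            flags.append("unknown owner")
        if flags:
            findings.append(
                {
                    "service": match.group("name"),
                    "path": match.group("path"),
                    "flags": flags,
                }
            )
    return findings


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for finding in triage_services(SAMPLE_LOG):
        print(f'{finding["service"]}: {", ".join(finding["flags"])}')
        print(f'    {finding["path"]}')
```
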

Re: ksnapshot.etl,possible remote access software and keylog

Post by SpectreWolf » November 15th, 2010, 1:39 am

Here is the GMER log. It is too long so I will have to split it into parts.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-15 13:33:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7 ST3500418AS rev.HP22
Running: jqo0e83b.exe; Driver: C:\Users\Wuffie\AppData\Local\Temp\axryqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8F098BEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8F09A19C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8F098DD8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8F097F48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8F098852]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8F097E24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8F0985FE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8F099E2C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8F097810]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8F09983C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8F0981E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8F098A2E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8F098484]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8F0992D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8F099588]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8F099B34]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8F09817A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8F098370]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8F097C26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8F097A14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8F098EE8]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 822BC87C 4 Bytes [EC, 8B, 09, 8F]
.text ntkrnlpa.exe!KeSetEvent + 13D 822BC8A0 8 Bytes [9C, A1, 09, 8F, D8, 8D, 09, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 822BC924 4 Bytes [48, 7F, 09, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D9 822BC93C 4 Bytes [52, 88, 09, 8F]
.text ntkrnlpa.exe!KeSetEvent + 205 822BC968 4 Bytes [24, 7E, 09, 8F]
.text ...

---- User code sections - GMER 1.0.15 ----

.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtSetInformationProcess
SpectreWolf

Re: ksnapshot.etl,possible remote access software and keylog

Post by SpectreWolf » November 15th, 2010, 1:40 am

.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[920] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[988] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 005017E0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[988] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 005181B0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe[1132] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] shell32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] shell32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] shell32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1156] shell32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1224] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[1232] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
SpectreWolf

Re: ksnapshot.etl,possible remote access software and keylog

Post by SpectreWolf » November 15th, 2010, 1:43 am

.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1244] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[1332] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] wininet.dll!InternetConnectA 7630DEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\KBD\kbd.exe[1352] wininet.dll!InternetConnectW 7630F862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
SpectreWolf

Re: ksnapshot.etl,possible remote access software and keylog

Post by SpectreWolf » November 15th, 2010, 1:43 am

.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1356] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] shell32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] shell32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] shell32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] shell32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetConnectA 7630DEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1448] WinInet.dll!InternetConnectW 7630F862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1492] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[1508] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\explorer.exe[1696] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[2044] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[2128] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: ksnapshot.etl,possible remote access software and keylog

Unread postby SpectreWolf » November 15th, 2010, 1:45 am

.text C:\Windows\system32\wbem\wmiprvse.exe[2160] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2160] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2212] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2256] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Dwm.exe[2360] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[2368] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] WININET.dll!InternetConnectA 7630DEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2472] WININET.dll!InternetConnectW 7630F862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
SpectreWolf
Regular Member
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: ksnapshot.etl,possible remote access software and keylog

by SpectreWolf » November 15th, 2010, 1:45 am

.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[2524] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[2556] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2640] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2988] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] USER32.dll!TrackPopupMenu 75E214F3 5 Bytes JMP 65735CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3032] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
SpectreWolf

Re: ksnapshot.etl,possible remote access software and keylog

Post by SpectreWolf » November 15th, 2010, 1:45 am

.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3116] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe[3148] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] WININET.dll!InternetConnectA 7630DEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe[3296] WININET.dll!InternetConnectW 7630F862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] WININET.dll!InternetConnectA 7630DEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe[3336] WININET.dll!InternetConnectW 7630F862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] WININET.dll!InternetConnectA 7630DEAE 5 Bytes JMP 1002C980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] WININET.dll!InternetConnectW 7630F862 5 Bytes JMP 1002C960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Cyberlink\PlayMovie\PMVService.exe[3344] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

Re: ksnapshot.etl,possible remote access software and keylog

Post by SpectreWolf » November 15th, 2010, 1:46 am

.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3352] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] shell32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] shell32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] shell32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wuauclt.exe[3392] shell32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] SHELL32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] SHELL32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] SHELL32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Jetico\BCWipe\BCResident.exe[3428] SHELL32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] shell32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] shell32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] shell32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] shell32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\Wuffie\Downloads\jqo0e83b.exe[3436] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\servicing\TrustedInstaller.exe[3440] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3528] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 00719AB0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Jetico\BCWipe\BCWipeTM.exe[3728] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs fsh.sys (File System Guard module/Jetico, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----
SpectreWolf
Regular Member
 
Posts: 25
Joined: November 11th, 2010, 1:52 am

Re: ksnapshot.etl,possible remote access software and keylog

Unread postby SpectreWolf » November 15th, 2010, 1:47 am

I know that was an insanely long log. Do you want me to send you the log file just in case? Also, do you want me to post a new HJT log in case I missed out on anything? Thanks for your assistance!

Re: ksnapshot.etl,possible remote access software and keylog

Unread postby askey127 » November 15th, 2010, 9:16 am

SpectreWolf,
COMODO certainly obfuscates any attempt to run rootkit detection.
----------------------------------------------
To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *ksnapshot*
    
    :regfind
    ksnapshot
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis (double-click in XP, or right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl+A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.

So we are looking for the contents of SystemLook.txt, and a fresh HiJackThis log.
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: ksnapshot.etl,possible remote access software and keylog

Unread postby SpectreWolf » November 15th, 2010, 9:22 am

Here is the SystemLook result

SystemLook 04.09.10 by jpshortstuff
Log created at 21:18 on 15/11/2010 by Wuffie
Administrator - Elevation successful

========== filefind ==========

Searching for "*ksnapshot*"
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{2468cedd-4dc2-4cb4-96be-64496c0f39c6}\ksnapshot.etl --a---- 3997696 bytes [12:05 04/11/2010] [12:05 04/11/2010] 1644A7052EA7BFC9612289850A414DFE
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{3708da8f-97f4-4b94-ae0d-0e398d0c06c3}\ksnapshot.etl --a---- 3997696 bytes [06:48 07/11/2010] [06:48 07/11/2010] 9066FF2415631DC0066B136856945372
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{37bd976b-a021-4dc6-a830-914215edf367}\ksnapshot.etl --a---- 3997696 bytes [09:31 09/11/2010] [09:31 09/11/2010] 6872407C5A0FEB4BF33989E9ACDF4EC7
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{46b984c7-3c9f-4e0e-9a8f-f24ee9f5ec40}\ksnapshot.etl --a---- 3997696 bytes [04:55 10/11/2010] [04:55 10/11/2010] 3E33686B61393433A20AB3017FDA4928
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{5d05d307-8c9a-4fd5-af7f-0b7b236d32cd}\ksnapshot.etl --a---- 3997696 bytes [05:07 15/11/2010] [05:07 15/11/2010] 402CD98910BFC4BAF1E13A7C50D0F5DB
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{7e376c86-7c5b-48a5-b0df-fbc8d919178d}\ksnapshot.etl --a---- 3997696 bytes [13:41 05/11/2010] [13:41 05/11/2010] E9F65C69B7FE0E635D4B60A6770E4432
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{8c2cc463-708b-410d-960c-67747defac30}\ksnapshot.etl --a---- 3997696 bytes [09:29 02/11/2010] [09:29 02/11/2010] C587FFA563F31E94E4B8146858AF73C9
C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{99048263-5317-4b75-916a-53db9a12547a}\ksnapshot.etl --a---- 3997696 bytes [10:58 09/11/2010] [10:58 09/11/2010] 1336336599EA8AA2D24E4CE0B996AC54

========== regfind ==========

Searching for "ksnapshot"
No data found.

-= EOF =-

And here is my new HiJackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:02 PM, on 15/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Cyberlink\PowerCinema\PCMAgent.exe
C:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Cyberlink\PlayMovie\PMVService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\PROGRA~1\Jetico\BCWipe\BCResident.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [PCMAgent] "c:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "c:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "c:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{3799F451-55C5-45F7-9E4B-7531AE4090D3}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: BCWipe service (BCWipeSvc) - Jetico, Inc. - C:\Program Files\Jetico\BCWipe\BCWipeSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6564 bytes

Many thanks for your assistance. :)